Create an app-based provisioning credential for Azure

Follow these steps to create an app-based provisioning credential for Azure. This can be done from the CDP web interface or CDP CLI.

Step 1: Obtain subscription and tenant ID

These steps should be performed by someone who has the Owner built-in Azure role and the Application Developer role in Azure Active Directory.
  • You can obtain both the Subscription ID and Tenant ID by running the following Azure CLI command:
    az account list | jq '.[] | {"subscriptionId": .id, "tenantId": .tenantId, "state": .state}'
  • You can obtain your Azure Subscription ID from your Azure Portal > Subscriptions.
  • You can obtain your Azure Tenant ID (also known as Directory ID) from your Azure Portal > Azure Active Directory > Properties.

Step 2: Create an app registration and assign a role to it

  1. On Azure Portal, navigate to Azure Active Directory > App Registrations and click + New Registration.

  2. Register a new application as follows and then click Register:

  3. Once your app registration is created, you will be redirected to the app registration's overview page. Copy and save the Application ID before closing this page. You will need to provide it to CDP later.

  4. Next, navigate to Certificates & secrets and generate a new secret by clicking + New client secret, providing a description and expiration time, and clicking Add.

  5. Copy and save the Client secret value. You will need to provide it to CDP later.

  6. Next, you need to assign a role to your application. To do that, browse to Subscriptions, click on your subscription, and choose Access control (IAM).

  7. Click Add > Add role assignment and then assign the Contributor role to your newly created application by:

    • Under Role, selecting Contributor or other role that includes the minimum required action set.
    • Typing your app name under Select and then selecting it.

  8. Once done, click Save.
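
To confirm the role assignment made in Step 2, the following added example (not part of the original documentation) audits JSON shaped like the output of `az role assignment list --assignee <app-id> --all`. The sample data, the placeholder IDs and the `audit_assignments` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like `az role assignment list --assignee <app-id> --all`
# output; the IDs and names are made-up placeholders, not values from the page.
SUBSCRIPTION_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"principalName": "cdp-provisioner", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
  {"principalName": "cdp-provisioner", "roleDefinitionName": "Owner",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
  {"principalName": "cdp-provisioner", "roleDefinitionName": "Contributor",
   "scope": "/providers/Microsoft.Management/managementGroups/corp"},
  {"principalName": "cdp-provisioner", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/cdp-rg"}
]""")

# Roles that can manage role assignments, which provisioning does not need.
PRIVILEGE_GRANTING_ROLES = {"Owner", "User Access Administrator"}


def audit_assignments(assignments, subscription_id, expected_role="Contributor"):
    """Return (ok, findings).

    ok is True only when expected_role is assigned at the subscription scope
    and no assignment is broader than that (wider scope or access-granting role).
    """
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings, has_expected = [], False
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"].lower()
        inside_sub = scope == sub_scope or scope.startswith(sub_scope + "/")
        if not inside_sub:
            findings.append(f"{role} at {a['scope']}: scope is outside the subscription")
        elif role in PRIVILEGE_GRANTING_ROLES:
            findings.append(f"{role} at {a['scope']}: role can grant access to others")
        elif role == expected_role and scope == sub_scope:
            has_expected = True
    if not has_expected:
        findings.append(f"missing {expected_role} at /subscriptions/{subscription_id}")
    return (has_expected and not findings, findings)


if __name__ == "__main__":
    ok, findings = audit_assignments(SAMPLE_ASSIGNMENTS, SUBSCRIPTION_ID)
    print("OK" if ok else "REVIEW NEEDED")
    for line in findings:
        print(" -", line)
```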

Step 3: Create a credential in CDP

  1. Log in to the CDP web interface.

  2. In the Management Console, navigate to Environments > Shared Resources > Credentials.

  3. Click Create Credential.

  4. Select Azure to access credential options for Microsoft Azure.

  5. On the Configure credential page, provide the following parameters:

    Parameter        Description
    Name             Enter a name for your credential.
    Description      (Optional) Enter a description.
    App based Login  Should be selected by default.
    Subscription Id  Copy and paste the Subscription ID from your Subscriptions.
    Tenant Id        Copy and paste your Directory ID from your Active Directory > Properties.
    App Id           Copy and paste the Application ID from your Azure Active Directory > App Registrations > your app registration’s Overview.
    Password         This is your application key. You can generate it from your Azure Active Directory app registration’s Certificates & secrets.

  6. Click Create.

Now that you have created the credential, you can register it as part of an environment.