Create an app-based provisioning credential for Azure

Follow these steps to create an app-based provisioning credential for Azure. This can be done from the CDP web interface or CDP CLI.

Step 1: Obtain subscription and tenant ID

These steps should be performed by someone who has the Owner built-in Azure role and the Application Developer role in Azure Active Directory.

You can obtain both the Subscription ID and Tenant ID from Azure CLI by using the following Azure CLI command:
```
az account list|jq '.[]|{"subscriptionId": .id, "tenantId": .tenantId, "state": .state}'
```

You can obtain your Azure Subscription ID from your Azure Portal > Subscriptions:
You can obtain your Azure Tenant ID (also known as Directory Id) from your Azure Portal > Azure Active Directory > Properties:

Step 2: Create an app registration and assign a role to it

On Azure Portal, navigate to the Azure Active Directory > App Registrations and click on + New Registration:
Register a new application as follows and then click Register:
Once your app registration is created, you will be redirected to the app registration's overview page. Copy and save the Application ID before closing this page. You will need to provide it to CDP later:
Next, navigate to Certificates & secrets and generate a new secret by clicking + New client secret, providing a description and expiration time, and clicking Add:
Copy and save the Client secret value. You will need to provide it to CDP later.
Next, you need to assign a role to your application. To do that, browse to Subscriptions, click on your subscription, and choose Access control (IAM).
Click Add > Add role assignment and then assign the Contributor role to your newly created application by:
- Under Role, selecting Contributor or other role that includes the minimum required action set.
- Typing your app name under Select and then selecting it:
Once done, click Save.

note

If you are unable to use the "Contributor" role, you can create a custom role by using the following role definition, which includes the minimum permissions required for creating resources with CDP. For more information on custom roles, refer to Custom roles for Azure resources in Azure documentation.

note

This step can only be performed by a user who is able to manage your Azure Active Directory, so if you are not able to perform this step, you may have to contact your Azure administrator.

Step 3: Create a credential in CDP

Log in to the CDP web interface.
In the Management Console, navigate to Environments > Shared Resources > Credentials.
Click Create Credential:
Select Azure to access credential options for Microsoft Azure.

On the Configure credential page, provide the following parameters:


Parameter	Description
Name	Enter a name for your credential.
Description	(Optional) Enter a description.
	App based Login should be selected by default.
Subscription Id	Copy and paste the Subscription ID from your Subscriptions.
Tenant Id	Copy and paste your Directory ID from your Active Directory > Properties.
App Id	Copy and paste the Application ID from your Azure Active Directory > App Registrations > your app registration’s Overview.
Password	This is your application key. You can generate it from your Azure Active Directory app registration’s Certificates & secrets.

Click Create.

Now that you have created the credential, you can register it as part of an environment.