Connect your Azure account

Microtica provisions infrastructure on your own Microsoft Azure account. In order to enable Microtica to manage cloud resources, you need to connect your Azure account and grant the proper access permissions.

Microtica authenticates to your Azure account as a Service Principal. You need to create a Service Principal which has Contributor rights to your subscription using either the Azure CLI or the Azure Portal.

#Using Azure CLI

To use the Azure CLI, first install it on your local computer by following the installation instructions.

Now we can start setting up the Service Principal. To do that, run the commands below:

# Login to the Azure CLI
az login

# List the existing subscriptions
az account list

# Set the appropriate Subscription
# The subscription ID is the 'id' field in the previous command's output
az account set --subscription=<SUBSCRIPTION_ID>

# Create the Service Principal with 'Contributor' permissions
az ad sp create-for-rbac --name demo-app --role="Contributor" --scopes="/subscriptions/<SUBSCRIPTION_ID>"

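# Test the setup (optional)
# <CLIENT_ID>, <CLIENT_SECRET> and <TENANT_ID> are the 'appId', 'password' and 'tenant' values from the create-for-rbac output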
az login --service-principal -u <CLIENT_ID> -p <CLIENT_SECRET> --tenant <TENANT_ID>
az account list-locations

Output of the create-for-rbac command:

{
  "appId": "852e8e35-75e6-4850-beb9-967587a33fc9",
  "displayName": "demo-app",
  "name": "be4cfd68-05a0-11ec-9a03-0242ac130003",
  "password": "<Client Secret Value>",
  "tenant": "cad36f2c-05a0-11ec-9a03-0242ac130003"
}

Next, use the output from the create-for-rbac command to connect your Azure account in the Microtica Portal.

#Using Azure Portal

An Azure service principal is a security identity used by user-created apps, services, and automation tools to access specific Azure resources. Think of it as a ‘user identity’ (login and password or certificate) with a specific role, and tightly controlled permissions to access your resources.

1. Create an Application in Azure Active Directory

  • Go to Azure Active Directory -> App registrations
  • Choose New registration
  • Enter the following:
    • Name – only used as a friendly identifier
    • Supported account types – set this to “Accounts in this organizational directory only (single-tenant)”
    • Redirect URI – choose “Web” for the type (you can leave the actual value blank)

  • Click on Register. You will be redirected to the app details page

Copy the Application (Client) ID somewhere. You will need it in the next steps.

2. Generate a Client Secret

In this step we will generate a Client Secret for the Azure Active Directory Application you just created. We will use this to authenticate to your account.

  • Click on the application you just created
  • Go to Certificates & secrets
  • Choose New client secret
  • Enter Description and Expiry Date for the secret
  • Choose Add. The Client Secret is displayed only once after it is generated, so make sure you copy it. Otherwise you will need to generate a new Client Secret

Copy the Value of the Client Secret somewhere. You will need it in the next steps.

3. Grant access to the Application

The role you assign to the application determines what Microtica can do: it can access your Azure resources only with the permissions that role grants. You can assign multiple roles to one application.

  • Go to Subscriptions
  • Choose the Subscription you want to use
  • Choose Access control (IAM) -> Add -> Add role assignment
  • Specify a Role to grant permissions needed for the Application (Service Principal)
  • Search and select the Application created earlier
  • Choose Save

Now you are ready to connect your Azure account in Microtica.
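Whichever path you used (the create-for-rbac command or the portal role assignment in step 3), you can confirm what the Service Principal was actually granted before handing its credentials to Microtica. The following is an added example, not Microtica's own code: it audits JSON shaped like the output of `az role assignment list --assignee <CLIENT_ID> --all --output json`. The function name, the sample records and the subscription ID are constructed for illustration.

```python
import json

# Constructed sample, shaped like the JSON from
# `az role assignment list --assignee <CLIENT_ID> --all --output json`.
# The subscription ID, resource group and management group are made up.
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE_ASSIGNMENTS = json.loads("""
[
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"roleDefinitionName": "Owner",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/demo-rg"},
  {"roleDefinitionName": "Contributor",
   "scope": "/providers/Microsoft.Management/managementGroups/demo-mg"}
]
""")


def audit_assignments(assignments, subscription_id, allowed_roles=("Contributor",)):
    """Return findings for grants that differ from the one this page sets up:
    an allowed role, scoped to the chosen subscription or something inside it."""
    expected = f"/subscriptions/{subscription_id}".lower()
    findings = []
    granted_as_documented = False
    for entry in assignments:
        role = entry.get("roleDefinitionName", "")
        # Azure scopes are case-insensitive; normalise before comparing.
        scope = entry.get("scope", "").rstrip("/").lower()
        in_subscription = scope == expected or scope.startswith(expected + "/")
        if role not in allowed_roles:
            findings.append(f"unexpected role {role!r} at {entry.get('scope')}")
        if not in_subscription:
            # Root ("/"), management groups and other subscriptions land here.
            findings.append(f"scope outside subscription: {entry.get('scope')}")
        if role in allowed_roles and scope == expected:
            granted_as_documented = True
    if not granted_as_documented:
        findings.append("no allowed role assigned at the subscription scope")
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE_ASSIGNMENTS, SUBSCRIPTION_ID):
        print("FINDING:", finding)
```

An empty result means the only grants are the allowed role at or below the chosen subscription; any finding is worth resolving before the Client Secret leaves your hands.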

#Connect your Azure account in Microtica

Now that you have the setup in Azure ready and all the information available, you can connect your account in Microtica.

  • Open Microtica Portal
  • Choose Settings -> Cloud Accounts -> Connect Cloud Account
  • For account type choose Microsoft Azure
  • Enter the following:
    • Microsoft Azure Tenant ID – Your Azure directory (tenant) id
    • Microsoft Azure Subscription ID – ID of the Subscription associated with your account
    • Microsoft Azure Application ID – ID of the Application you created earlier
    • Microsoft Azure Client Secret – Value of the Secret you generated earlier
    • Microsoft Azure Subscription Name – used as a friendly identifier
  • Choose Add Microsoft Azure Account