
How to Configure an Azure Application for GravityZone Integration with Microsoft Azure

Through GravityZone (on-premises solution) integration with Microsoft Azure, you are able to import into Control Center the existing inventory of virtual machines hosted in the Microsoft cloud.

The integration requires registering in Azure a web application that provides GravityZone the ability to access data from Azure virtual machines. The Azure application also provides the necessary credentials to configure the integration in Control Center:

  • Active Directory ID
  • Application ID
  • Application Secret

For details on how to use these credentials after you have created the application, refer to the GravityZone Installation Guide.

Requirements

To create an application, first make sure that you have the necessary Azure AD and subscription permissions.

Azure AD Permissions

You need Azure AD permissions to access Azure Active Directory and to register the application.

To check the Azure AD permissions:

  1. Log in to Microsoft Azure Portal.
  2. Select Azure Active Directory.
  3. In the Overview section, observe your role. For example, if you are an administrator, you can manage all aspects of app registrations. Refer to Microsoft Azure documentation for available roles and role permissions.
  4. In the left pane, select User settings.
  5. View the App registrations setting. If the value is Yes, then any user in the Azure directory can register an application. If the value is No, then only users with an administrator role can register an application.

    Only an administrator can change the value for App registrations.

Azure Subscription Permissions

In your Azure subscription, you need to have Microsoft.Authorization/*/Write access to assign a role to the application. This action requires the Owner role or User Access Administrator role.

To check the subscription permissions:

  1. Search for and select Subscriptions, or click Subscriptions on the Home page.
  2. Select the subscription that you want to associate with the application. If you do not see the subscription, select the global subscriptions filter.
  3. Select My permissions and select Click here to view complete access details for this subscription.
  4. Click Role assignments and view your roles. If necessary, use the filter boxes to find your account.

    If you do not have the required permissions to assign a role to the application, contact your administrator.

Configuring an Azure Application

Register the Application

To register an Azure application:

  1. Log in to Microsoft Azure Portal.
  2. Select Azure Active Directory.
  3. Select App registrations.
  4. Select New registration.
  5. Enter a name for the application.
  6. Under Redirect URI (optional), select Web and enter the URL of the GravityZone instance that you integrate with Azure.
  7. Click Register.

Once created, the application displays in the Overview section two of the three values required for GravityZone integration:

  • Application (client) ID
  • Directory (tenant) ID

Assign a Role to the Application

You must assign the Reader role to the application so that it can access resources in your subscription.

  1. Search for and select Subscriptions, or click Subscriptions on the Home page.
  2. Select the subscription that you want to associate with the application.
  3. Select Access control (IAM).
  4. Click Add and select Add role assignment.
  5. Under Role, select Reader.
  6. Select Azure AD user, group, or service principal.
  7. Select the application you have created.
  8. Click Save.
     

Create an Application Secret

To integrate GravityZone with Azure, you also need the application secret.

  1. Select Azure Active Directory.
  2. Go to App registrations and select your application.
  3. Select Certificates & secrets.
  4. Under Client secrets, click New client secret.
  5. Enter a description, select the duration and click Add.
    Important:
    After the secret expires, the synchronization between the Microsoft Azure and GravityZone inventories will not be possible. In this case, you must use another secret for integration.
  6. Back under Client secrets, a key value is displayed. This value represents the application secret required for GravityZone integration.

    Use the Copy to clipboard option and keep the value in a safe location. You will not be able to retrieve this value later.
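
Because synchronization stops once the client secret expires, the expiry date is worth monitoring. The following Python check is an added example, not part of the GravityZone documentation; it assumes the secret metadata was exported with `az ad app credential list --id <application-id>`, and the sample values and the 30-day warning window are constructed for illustration.

```python
import json
import sys
from datetime import datetime, timezone

# Constructed sample, shaped like the JSON printed by
# `az ad app credential list --id <application-id>` (all values are made up).
SAMPLE = """[
 {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "gz-2024",
  "endDateTime": "2025-05-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "gz-2025",
  "endDateTime": "2025-06-15T12:00:00.1234567Z"},
 {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "gz-next",
  "endDateTime": "2026-06-01T00:00:00Z"}
]"""


def parse_graph_time(value):
    """Parse a timestamp as UTC; fractional seconds and the zone suffix are dropped."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_secrets(credentials, now, warn_days=30):
    """Classify every client secret as 'expired', 'expiring' or 'ok'."""
    findings = []
    for cred in credentials:
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            state = "expired"
        elif days_left < warn_days:
            state = "expiring"
        else:
            state = "ok"
        findings.append({"keyId": cred["keyId"], "name": cred.get("displayName"),
                         "days_left": days_left, "state": state})
    return findings


def exit_code(findings):
    """2 if no secret is usable, 1 if any secret is expired or close to expiry, else 0."""
    if not any(f["state"] != "expired" for f in findings):
        return 2
    return 1 if any(f["state"] != "ok" for f in findings) else 0


if __name__ == "__main__":
    # Pass a file holding the CLI output, or run without arguments for the sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = audit_secrets(json.loads(raw), datetime.now(timezone.utc))
    for f in results:
        print(f"{f['state']:9} {f['days_left']:5}d  {f['name']}  {f['keyId']}")
    sys.exit(exit_code(results))
```

The listing contains only metadata such as the description and end date, never the secret value, so it can be stored and scheduled without exposing the credential.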

Microsoft provides additional information on creating an Azure application: How to: Use the portal to create an Azure AD application and service principal that can access resources

