To integrate Azure with oak9, the Azure app must be registered. Generate a client secret for it, give it the appropriate permissions, and then provide oak9 with the required access keys.
· Registering an application and generating a client secret
· Setting the permissions
· Integration with oak9
Registering an application and generating a client secret
· Go to “App registrations” and click on the “New registration” button to create a new
· Give the new app a name (“oak9”) and set its account type as “Single tenant”. See
· Click “Register”.
· In the application’s overview page that shows up, take note of the “Application
(client) ID”, and the “Directory (tenant) ID”. We’ll need those later. See below figure
· From the sidebar on the left, click on “Certificates & secrets”.
· Click on the “New client secret” button and create a new client secret. See below
· Once a client secret is created, copy its value field. This is only allowed once, so
copy the value and keep it handy, it’ll be needed soon. See below figure
To summarize, there should be 3 access keys, the Application (client) ID, the Directory (tenant) ID, and the Client secret. Those will be needed when integrating with oak9.
An app should also have been created; the name will be needed soon when setting the appropriate permissions.
Setting the permissions
Permissions are given either for a particular subscription, on a resource group, or for individual resources.
In this the permissions for a subscription will be set up, but the steps are the same for the other resources.
Note: To be able to give oak9 permission to a resource, oak9 should first have access to edit that resource’s permissions. Roles able to edit a resource’s permissions are "Owners” of the resource or “User Access Administrators”.
· Go to the Subscriptions list.
· Click on the subscription that has the resources that oak9 should have access to.
· See below figure
1- In the sidebar, click on “Access Control (IAM)”
2- Click on the “Add” button
3- From the drop-down choose “Add role assignment”
· In the pane that shows up on the right - See below figure
1- From the “Role” drop-down choose the “Reader” role
Keep the second field’s default value of User, group, or service principal.
2- For the third “Select” field, search for the app’s name that was registered
3- Choose the app
4- Click Save
The app now has read-only access to the deployed resources in the selected subscription.
Only thing left now is to provide oak9 with the access secrets.
Integration with oak9
· In the oak9 app, navigate to the “Integrations” page and click on the “Cloud Service
Provider Integrations” card and choose the Azure logo. See below figure
· Paste the appropriate secrets in the dialog box that shows up. Click Save.
The “Tenant Id” field is the “Directory (tenant) ID” key.
The “Client Access Key” field is the “Application (client) ID” key.
The “Client Access Secret” field is the Client secret’s value.
And that’s it! oak9 should now be able to access the resources deployed on Azure.