search

Azure

Note - Each of your Azure subscriptions must be onboarded as a separate account in MechCloud.

hashtag
Step 1: Sign in to Azure Portal

  1. Open your web browser and navigate to the Azure Portalarrow-up-right.

  2. Sign in using your Azure account credentials.

hashtag
Step 2: Register a New Application

Follow below instructions to create one application (service account) per every subscription whose assets you want to discover in MechCloud.

  1. In the Azure Portal, search for and select Microsoft Entra ID.

  2. Under Manage, click on App registrations.

  3. Click on New registration at the top.

  4. Enter a name for your application/service account.

  5. Choose Accounts in this organizational directory only under Supported account types.

  6. Optionally, enter a Redirect URI if your application requires one. For most service accounts, this can be left blank.

  7. Click Register.

hashtag
Step 3: Add Federated Credentials

MechCloud uses OpenID Connect (OIDC) federation to authenticate with Azure, eliminating the need for client secrets. This is more secure as there are no long-lived credentials to manage or rotate.

  1. Once your application is registered, navigate to your application's overview page.

  2. Select Certificates & secrets from the left-hand menu.

  3. Click on the Federated credentials tab.

  4. Click Add credential.

  5. Select Other issuer under Federated credential scenario.

  6. Fill in the following details:

Field
Value
Description

Issuer

https://id.mechcloud.io/

MechCloud's OIDC issuer URL

Subject identifier

Your MechCloud sub claim

Found in your JWT token (see below)

Name

mechcloud-federation

A descriptive name for this credential

Audience

Your MechCloud aud claim

Found in your JWT token (see below)

hashtag
Finding Your JWT Token Claims

To get the values for Subject identifier and Audience:

  1. Log in to MechCloud Portalarrow-up-right

  2. Open a new browser tab and navigate to: https://portal.mechcloud.io/oauth2/auth1

  3. This displays your JWT token. Decode it using jwt.ioarrow-up-right or similar tool.

  4. Find the following claims:

    • sub (Subject) - Use this value for the Subject identifier field (e.g., auth0|690895c8b0ac201506c31175)

    • aud (Audience) - Use this value for the Audience field (e.g., n6dMQIo8ZCE5QxLY4o2KjeBaSn8eefTX)

  5. Click Add to save the federated credential.

hashtag
Step 4: Assign Roles and Permissions

  1. Navigate to Subscriptions in the Azure Portal.

  2. Select the subscription you want the service account to access.

  3. Search for and click Access control (IAM) in left menu.

  4. Click Add -> Add role assignment.

  5. Choose the appropriate role(s) based on your needs:

    • Reader - For read-only access to list resources

    • Contributor - For Stateless IaC to create/update/delete resources

  6. Search for and select the application you registered earlier.

  7. Click Save to assign the role.

hashtag
Step 5: Obtain Application (Client) ID and Tenant ID

  1. Go back to the App registrations page and select your application.

  2. Copy the Application (client) ID and Directory (tenant) ID from the overview page.

hashtag
Step 6: Register your Azure account in MechCloud

  1. Log on to MechCloudarrow-up-right and navigate to Infrastructure -> Cloud Accounts.

  2. Select a team.

  3. Select Azure under Select a cloud provider dropdown.

  4. Click on New Cloud Account button.

  5. Enter a name for your account.

  6. Fill in the credentials:

    • Azure Tenant Id - Enter the Directory (tenant) ID from Step 5.

    • Client Id - Enter the Application (client) ID from Step 5.

    • Subscription Id - Enter the subscription ID (from Azure Portal -> Subscriptions) that you associated with the service account in Step 4.

  7. Click Save to add the cloud account.

PreviousGCPNextConfigure Regions / Zones

Last updated