Azure

(Last updated - Feb 10, 2024) - This page describes how to onboard an Azure account (representing an Azure subscription) in MechCloud.

Note - Each of your Azure subscriptions must be onboarded as a separate account in MechCloud.

Step 1: Sign in to Azure Portal

  1. Open your web browser and navigate to the Azure Portal.

  2. Sign in using your Azure account credentials.

Step 2: Register a New Application

Follow the instructions below to create one application (service account) for each subscription whose assets you want to discover in MechCloud.

  1. In the Azure Portal, search for and select Microsoft Entra ID.

  2. Under Manage, click on App registrations.

  3. Click on New registration at the top.

  4. Enter a name for your application/service account.

  5. Choose Accounts in this organizational directory only under Supported account types.

  6. Optionally, enter a Redirect URI if your application requires one. For most service accounts, this can be left blank.

  7. Click Register.

Step 3: Create a Client Secret

  1. Once your application is registered, navigate to your application's overview page.

  2. Select Certificates & secrets from the left-hand menu.

  3. Under Client secrets, click New client secret.

  4. Enter a description for your secret and choose an expiration period.

  5. Click Add.

  6. After the secret is created, copy the Value. This is your client secret and will not be shown again.

Step 4: Assign Roles and Permissions

  1. Navigate to Subscriptions in the Azure Portal.

  2. Select the subscription you want the service account to access.

  3. Search for and click Access control (IAM) in the left menu.

  4. Click Add -> Add role assignment.

  5. Choose the Reader role (or another role or roles that can list VNets, subnets and VMs in this subscription) from the list.

  6. Search for and select the application you registered earlier.

  7. Click Save to assign the role.

Step 5: Obtain Application (Client) ID and Tenant ID

  1. Go back to the App registrations page and select your application.

  2. Copy the Application (client) ID and Directory (tenant) ID from the overview page.

Step 6: Register your Azure service account in MechCloud

  • Log on to MechCloud and navigate to Infrastructure -> Cloud Account.

  • Select a team.

  • Select Azure in the Select a cloud provider dropdown. This will display all the cloud accounts added for the Azure cloud provider.

  • Click the New Cloud Account button.

  • Enter a name for your account.

  • Vpc API Credentials

    • Azure Tenant Id - Enter the tenant ID you obtained in Step 5 above.

    • Client Id - Enter the client ID you obtained in Step 5 above.

    • Client Secret - Enter the client secret you obtained in Step 3 above.

    • Subscription Id - Enter the ID of the subscription (available from the list of subscriptions in the Azure Portal) to which you assigned the service account (created in Step 2 above).

  • Click the Save button to add the cloud account.
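
The following check is an added example, not part of MechCloud or of the original page. It audits the role assignments of the service account from Step 4 and reports any grant outside the onboarded subscription or any role other than Reader. It assumes the input is the JSON printed by `az role assignment list --assignee <client-id> --all -o json`; the sample data, subscription ID and function name are constructed for illustration.

```python
import json

# Constructed sample, shaped like the output of
# `az role assignment list --assignee <client-id> --all -o json`.
SAMPLE = json.loads("""[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-demo"},
  {"roleDefinitionName": "Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/mg-demo"}
]""")

ALLOWED_ROLES = {"Reader"}  # assumption: Reader is sufficient, as chosen in Step 4


def audit_assignments(assignments, subscription_id, allowed_roles=ALLOWED_ROLES):
    """Return a list of findings; an empty list means the grants match Step 4."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings = []
    covered = False
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").rstrip("/").lower()
        # A grant is in scope only at the subscription itself or beneath it.
        inside = scope == sub_scope or scope.startswith(sub_scope + "/")
        if not inside:
            findings.append(f"out-of-scope grant: {role} at {a.get('scope')}")
        elif role not in allowed_roles:
            findings.append(f"unexpected role: {role} at {a.get('scope')}")
        elif scope == sub_scope:
            covered = True
    if not covered:
        findings.append(f"no allowed role assigned at {sub_scope}")
    return findings


if __name__ == "__main__":
    for line in audit_assignments(SAMPLE, "00000000-0000-0000-0000-000000000001"):
        print(line)
```

An empty result means the service account holds only the expected role at the single subscription being onboarded.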
