Preparations

The following information from Microsoft Azure needs to be provided when configuring the integration connector:

  • Directory (tenant) ID

    The ID of the Microsoft Azure Active Directory to retrieve information from.

  • Application (client) ID

    The ID of the application that will connect to Microsoft Azure Active Directory, which in this case is the integration connector.

  • Application (client) secret

    The key that will be used as the secret in the connection to Microsoft Azure.

Create Azure Active Directory application

  1. Log in to the Microsoft Azure portal.

  2. In the main menu, select Azure Active Directory, and then select App registrations.

  3. To create a new application, select + New registration.

  4. Enter the following information:

    1. Set Name to Azure SIM Gateway.

    2. Set Supported account types to Accounts in this organizational directory only.

    3. Set Redirect URI to Web and in the URI box enter http://localhost.

  5. Select Register to save the new application.

  6. Copy the value of the Application (client) ID.

    Use it as the Application id when configuring the integration connector in Snow Integration Manager.

  7. Copy the value of the Directory (tenant) ID.

    Use it as the Directory ID when configuring the integration connector in Snow Integration Manager.


Create client secret

  1. In the Overview view of the application, select Certificates & secrets.

  2. Select + New client secret.

  3. Create a new client secret with the following information:

    1. Set Description to sim_secret_key.

    2. Set Expires to 24 months.

  4. Select Add.

    The client secret is shown.


    Note

    Make sure to copy the value of the client secret before you leave this screen.

  5. Use the client secret as the Application secret when configuring the integration connector in Snow Integration Manager.

Grant access to subscription

The application Azure SIM Gateway needs to be granted read access on the subscriptions in order to read their content. This permission can only be granted by an administrator with the Service Administrator role for these subscriptions. Verify permissions and role if needed.

The following must be done for each subscription to be inventoried by the connector.

Note

To do the following configuration in the Azure portal, you must be logged in as a user with Administration rights on the subscription.

  1. Log in to Microsoft Azure.

  2. In the main menu, select Subscriptions.

  3. In the Subscriptions list, select the subscription, and then select Access control (IAM).

  4. To add a new permission, select +Add.

  5. In the Role box, select Reader.

  6. In the Select box, search for the Azure SIM Gateway application, and then select it.

  7. Select Create.

Verify permissions and role

  1. Log in to Microsoft Azure.

  2. In the main menu, select More services and then select Subscriptions.

    AzureSubscription.jpg
  3. In the Subscriptions list, select the subscription to be scanned for virtual machines.

  4. In the menu, select Access control (IAM).

  5. Verify that the Azure SIM Gateway application has been granted the Reader role.

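The verification above can also be run over exported role-assignment data for several subscriptions at once. The following is an added example, not part of the original documentation or the product: it reports, per subscription, whether the application holds Reader at subscription scope and whether it holds any other role beyond what the connector needs. The field names (scope, roleDefinitionId, roleDefinitionName), the function names and all sample values are assumptions or constructed data.

```python
# Added example: audit role assignments held by the "Azure SIM Gateway" application.
# Assumed input: a list of role-assignment records with "scope",
# "roleDefinitionId" and "roleDefinitionName" fields (Azure JSON export shape).

# GUID of the built-in Azure Reader role (identical in every tenant).
READER_ROLE_GUID = "acdd72a7-3385-48ef-bd42-f606fba81ae7"


def audit_reader_access(assignments, subscription_ids):
    """Per subscription: is Reader granted at subscription scope, and which
    other roles (more than the connector needs) does the application hold?"""
    report = {s.lower(): {"reader": False, "excess": []} for s in subscription_ids}
    for a in assignments:
        parts = a["scope"].lower().strip("/").split("/")
        if len(parts) < 2 or parts[0] != "subscriptions" or parts[1] not in report:
            continue  # other scope type, or a subscription that is not inventoried
        entry = report[parts[1]]
        role_guid = a["roleDefinitionId"].rsplit("/", 1)[-1].lower()
        if role_guid != READER_ROLE_GUID:
            entry["excess"].append(a.get("roleDefinitionName", role_guid))
        elif len(parts) == 2:
            entry["reader"] = True  # Reader on the subscription itself
        # Reader on a resource group alone does not cover the whole subscription.
    return report


# Constructed sample data: these subscription IDs and assignments are made up.
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
SUB_C = "00000000-0000-0000-0000-00000000000c"


def _assignment(sub, role_guid, role_name, suffix=""):
    role_path = "/providers/Microsoft.Authorization/roleDefinitions/"
    return {"scope": f"/subscriptions/{sub}{suffix}",
            "roleDefinitionId": f"/subscriptions/{sub}{role_path}{role_guid}",
            "roleDefinitionName": role_name}


SAMPLE = [
    _assignment(SUB_A, READER_ROLE_GUID, "Reader"),
    _assignment(SUB_B, "b24988ac-6180-42a0-ab88-20f7382dd24c", "Contributor"),
    _assignment(SUB_C, READER_ROLE_GUID, "Reader", "/resourceGroups/rg-demo"),
]

if __name__ == "__main__":
    for sub, result in audit_reader_access(SAMPLE, [SUB_A, SUB_B, SUB_C]).items():
        status = "OK" if result["reader"] and not result["excess"] else "REVIEW"
        print(sub, status, result)
```

Any subscription reported as REVIEW either lacks the Reader assignment described above or gives the application a role other than Reader.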