Preparations
The following information from Microsoft Azure needs to be provided when configuring the integration connector:
Directory (tenant) ID
The ID of the Microsoft Azure Active Directory to retrieve information from.
Application (client) ID
The ID of the application that will connect to Microsoft Azure Active Directory, which in this case is the integration connector.
Application (client) secret
The key that will be used as the secret in the connection to Microsoft Azure.
Create Azure Active Directory application
Log in to the Microsoft Azure portal.
In the main menu, select Azure Active Directory, and then select App registrations.
To create a new application, select + New registration.
Enter the following information:
Set Name to Azure SIM Gateway.
Set Supported account types to Accounts in this organizational directory only.
Set Redirect URI to Web and in the URI box enter http://localhost.
Select Register to save the new application.
Copy the value of the Application (client) ID.
Use it as the Application id when configuring the integration connector in Snow Integration Manager.
Copy the value of the Directory (tenant) ID.
Use it as the Directory ID when configuring the integration connector in Snow Integration Manager.
Create client secret
In the Overview view of the application, select Certificates & secrets.
Create a new client secret using the following information:
Select New client secret.
Set Description to sim_secret_key.
Set Expires to 24 months.
Important
The new client secret needs to be regenerated after the set expiration time. This also means that the connector needs to be re-configured.
Select Add.
The client secret is shown.
Note
Make sure to copy the value of the client secret before you leave this screen.
Use the client secret as the Application secret when configuring the integration connector in Snow Integration Manager.
Grant access to subscription
The application Azure SIM Gateway needs to be granted read access on the subscriptions in order to read their content. This permission can only be granted by an administrator with the Service Administrator role for these subscriptions. Verify permissions and role if needed.
The following must be done for each subscription to be inventoried by the connector.
Note
To do the following configuration in Azure Portal, a login user with Administration rights on the subscription is required.
Log in to Microsoft Azure.
In the main menu, select Subscriptions.
In the Subscriptions list, select the subscription, and then select Access control (IAM).
To add a new permission, select +Add.
In the Role box, select Reader.
In the Select box, search for the Azure SIM Gateway application, and then select it.
Select Create.
Verify permissions and role
Log in to Microsoft Azure.
In the main menu, select More services and then select Subscriptions.
In the Subscriptions list, select the subscription to be scanned for virtual machines.
In the menu, select Access control (IAM).
Verify that the Azure SIM Gateway application has been granted the Reader role.
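The same verification can be scripted across many subscriptions. The following is an added example, not part of the original documentation or of Snow Integration Manager: it audits role assignments exported as JSON in the shape printed by the Azure CLI command az role assignment list, confirming Reader at subscription scope and flagging any broader role held by the application. The function name, the subscription IDs and the sample data are constructed for illustration, and roles inherited from a management group are assumed to be out of scope.

```python
import json

# Constructed sample in the shape printed by
#   az role assignment list --assignee <application-id> --all --output json
# Subscription IDs and assignments below are made up for illustration.
SAMPLE = json.loads("""
[
  {"principalName": "Azure SIM Gateway", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"principalName": "Azure SIM Gateway", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
  {"principalName": "Azure SIM Gateway", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000003/resourceGroups/rg-test"}
]
""")

def audit_reader_access(assignments, subscription_ids, required_role="Reader"):
    """Return {subscription_id: {"has_reader": bool, "extra_roles": [...]}}.

    has_reader is True only for a Reader assignment at the subscription scope
    itself (a resource-group-level grant does not cover the whole subscription).
    extra_roles lists any other role held at or below that subscription, which
    exceeds the read-only access the connector needs.
    """
    report = {}
    for sub in subscription_ids:
        sub_scope = f"/subscriptions/{sub}".lower()
        has_reader, extra = False, set()
        for a in assignments:
            scope = a["scope"].rstrip("/").lower()
            if scope != sub_scope and not scope.startswith(sub_scope + "/"):
                continue  # assignment belongs to another subscription
            if a["roleDefinitionName"] != required_role:
                extra.add(a["roleDefinitionName"])
            elif scope == sub_scope:
                has_reader = True
        report[sub] = {"has_reader": has_reader, "extra_roles": sorted(extra)}
    return report

if __name__ == "__main__":
    subs = ["00000000-0000-0000-0000-00000000000%d" % i for i in (1, 2, 3)]
    for sub, result in audit_reader_access(SAMPLE, subs).items():
        print(sub, result)
```

A subscription reported with has_reader False will not be inventoried correctly, and any entry in extra_roles is access beyond Reader that should be reviewed and removed.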