
Preparations

The following information from Microsoft Azure needs to be provided when configuring the integration connector.

  • Directory (tenant) ID

    The ID of the Microsoft Azure Active Directory to retrieve information from.

  • Application (client) ID

    The ID of the application that will connect to Microsoft Azure Active Directory, which in this case is the integration connector.

  • Application (client) secret

    The key that will be used as the secret in the connection to Microsoft Azure.

Create Azure Active Directory application

  1. Log in to the Microsoft Azure portal.

  2. In the main menu, select Azure Active Directory, and then select App registrations.

  3. To create a new application, select + New registration.

  4. Enter the following information:

    1. Set Name to Azure SIM Gateway.

    2. Set Supported account types to Accounts in this organizational directory only.

    3. Set Redirect URI to Web and in the URI box enter http://localhost.

  5. To save the new application, select Register.

  6. Copy the value of the Application (client) ID. This value is used when configuring the connector in SIM.

  7. Copy the value of the Directory (tenant) ID. This value is used when configuring the connector in SIM.

Create client secret

  1. In the Overview view of the application, select Certificates & secrets.

  2. Create a new client secret using the following information:

    1. Select New client secret.

    2. Set Description to sim_secret_key.

    3. Set Expires to 24 months.

      Note

      The new client secret needs to be regenerated after the set expiration time. This also means that the connector needs to be re-configured.

  3. Select Add. The client secret is shown.

    Note

    Make sure to copy the value of the client secret before you leave this screen.

  4. Use the value of the client secret as the Application secret when configuring the connector in Snow Integration Manager.

Grant access to subscription

The application Azure SIM Gateway needs to be granted read access on the subscriptions in order to read their content. This permission can only be granted by an administrator with the Service Administrator role for these subscriptions. Verify permissions and role if needed.

The following must be done for each subscription to be inventoried by the connector.

Note

To do the following configuration in Azure Portal, a user account with Administration rights on the subscription is required.

  1. Log in to Microsoft Azure.

  2. In the main menu, select Subscriptions.

  3. In the Subscriptions list, select the subscription, and then select Access control (IAM).

  4. To add a new permission, select +Add.

  5. In Role, select Reader.

  6. In Select, search for and select the Azure SIM Gateway application.

  7. Select Create.

Verify permissions and role

  1. Log in to Microsoft Azure.

  2. In the main menu, select More services and then select Subscriptions.

  3. In the Subscriptions list, select the subscription to be scanned for virtual machines.

  4. In the menu, select Access control (IAM).

  5. Verify that the Azure SIM Gateway application has been granted the Reader role.
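
The verification above can also be scripted when many subscriptions are inventoried. The following is an added example, not part of the original documentation or the product: it reads role assignments exported as JSON (shaped like the output of `az role assignment list -o json`) and reports, per subscription, whether the application holds the Reader role and nothing more at subscription scope. The IDs, the sample data and the function name are constructed placeholders.

```python
import json

# Constructed sample, shaped like the JSON from `az role assignment list -o json`.
# All IDs are placeholders, not values from the documentation.
SP_ID = "11111111-1111-1111-1111-111111111111"  # object ID of the app's service principal
SUB_A = "00000000-0000-0000-0000-00000000000a"
SUB_B = "00000000-0000-0000-0000-00000000000b"
SUB_C = "00000000-0000-0000-0000-00000000000c"
SAMPLE = json.loads(f"""[
  {{"principalId": "{SP_ID}", "roleDefinitionName": "Reader",
    "scope": "/subscriptions/{SUB_A}"}},
  {{"principalId": "{SP_ID}", "roleDefinitionName": "Contributor",
    "scope": "/subscriptions/{SUB_B}"}},
  {{"principalId": "{SP_ID}", "roleDefinitionName": "Reader",
    "scope": "/subscriptions/{SUB_C}/resourceGroups/rg-demo"}}
]""")


def audit_reader_access(assignments, principal_id, subscription_ids):
    """Return {subscription_id: status} for one service principal."""
    report = {}
    for sub in subscription_ids:
        sub_scope = f"/subscriptions/{sub}".lower()
        roles_at_sub, below_sub = set(), False
        for a in assignments:
            if a.get("principalId", "").lower() != principal_id.lower():
                continue
            scope = a.get("scope", "").lower().rstrip("/")
            if scope == sub_scope:
                roles_at_sub.add(a.get("roleDefinitionName", "unknown"))
            elif scope.startswith(sub_scope + "/"):
                below_sub = True  # e.g. assigned on a single resource group
        extra = sorted(roles_at_sub - {"Reader"})
        if extra:  # more than the read access the connector needs
            report[sub] = "excess roles: " + ", ".join(extra)
        elif "Reader" in roles_at_sub:
            report[sub] = "ok"
        elif below_sub:
            report[sub] = "partial: assigned below subscription scope only"
        else:
            report[sub] = "missing Reader"
    return report


if __name__ == "__main__":
    for sub, status in audit_reader_access(SAMPLE, SP_ID, [SUB_A, SUB_B, SUB_C]).items():
        print(sub, status)
```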