Azure credentials for Cloud Management

The credentials required for the instance to access Azure accounts are referred to as service principals.

A service principal is the automated process, application, or service that the Azure admin configured to access the subscription that the admin specifies. Provide the credentials for your Azure service principal to the instance so that it can discover the Azure subscriptions for your organization.

See these videos in the ServiceNow

Collect the Azure Client ID and Tenant ID

Specify the Azure Client ID and Tenant ID while configuring the instance.

Before you begin

Role required: sn_cmp.cloud_admin

Procedure

  1. Log in to the Azure portal, navigate to Active Directory, and then select the directory that you work in.
  2. Click the application that you are working on and then click Configure.
  3. Copy the Tenant ID and the Client ID and save them into a text file.
    In any of the URLs, the Tenant ID is the text that is in the form of a GUID. For example, https://login.windows.net/d85131e4-1763-42d6-b9c7-b6bad64b3a51

Create Azure credentials (service principals) for Cloud Management

Create the credentials necessary to access your Azure subscriptions after you collect the tenant and client IDs from Azure.

Before you begin

  • Role required: sn_cmp.cloud_admin
  • A service principal on the Azure portal. Make sure that your user settings in Azure allow users to register applications. Also make sure that the Directory role is not set to User if users cannot create applications. You can always contact your Azure administrator to create a service principal.
  • The Azure client ID, tenant ID, and GUID (subscription ID) which you obtain from the Azure portal.

About this task

See Getting Started with Azure and Cloud Management for a video that explains the Azure and Cloud Management integration.

Procedure

  1. Navigate to Discovery > Credentials, and then select Azure Service Principal.
  2. Fill in the form fields (see table).
    Figure 1. Azure credentials
    Azure credentials
    Field | Value
    Name | Enter the name of the service principal to register with the instance.
    Tenant ID and Client ID | Paste the values that you obtained from the Azure portal:
      • The Tenant ID is the Directory ID in Azure.
      • The Client ID is the ID of the application that you registered in Azure. If you do not have an application, you must create one under App registrations in the Azure portal.
    Authentication Method | Select Client secret.
      Note: Client assertion is not supported.
    Secret key | Paste the secret key that was generated while creating the Azure Service Principal in the Azure portal. This field appears when Authentication method is Client secret.

  3. Right-click the form header and click Save.
  4. Go to Access control (IAM) in the Azure portal and assign a role to the Azure application that you registered. The role must grant access to the subscription and allow manipulation of it, for example, the Contributor or Owner role. This allows API calls that use the Azure credential to manipulate items in the subscription.
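
As an added example (not ServiceNow or Microsoft code), the following Python pulls the Tenant ID out of a login URL as described in the first procedure and checks, from a JSON export of role assignments, whether the service principal from step 4 holds Contributor or Owner on the subscription itself. The function names, the placeholder GUIDs, and the resource group name are constructed for illustration; the field names assume the JSON output of `az role assignment list`.

```python
import json
import re

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
ACCEPTED_ROLES = {"Contributor", "Owner"}  # the two roles the page gives as examples

def tenant_id_from_url(url):
    """Return the GUID path segment of an Azure login URL, or None."""
    m = re.search(r"^https://[^/]+/(" + GUID + r")(?:[/?]|$)", url)
    return m.group(1).lower() if m else None

def check_assignment(assignments, principal_id, subscription_id):
    """Return (ok, findings) for one service principal and one subscription:
    ok means Contributor or Owner is assigned at the subscription scope itself;
    findings lists that principal's other assignments for review."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    ok, findings = False, []
    for a in assignments:
        if a.get("principalId", "").lower() != principal_id.lower():
            continue
        role, raw = a.get("roleDefinitionName", ""), a.get("scope", "")
        scope = raw.lower().rstrip("/")
        if scope == sub_scope and role in ACCEPTED_ROLES:
            ok = True
        elif scope == sub_scope:
            findings.append(f"{role}: at subscription scope but not Contributor/Owner")
        elif scope.startswith(sub_scope + "/"):
            findings.append(f"{role}: covers only {raw}, not the whole subscription")
        else:
            findings.append(f"{role}: different or broader scope {raw}")
    return ok, findings

# Constructed sample data (placeholder GUIDs), shaped like the JSON output of
# `az role assignment list`; principalId is the service principal's object ID.
SUB = "11111111-1111-1111-1111-111111111111"
SP = "22222222-2222-2222-2222-222222222222"
SAMPLE = json.loads(f"""[
 {{"principalId": "{SP}", "roleDefinitionName": "Reader",
   "scope": "/subscriptions/{SUB}"}},
 {{"principalId": "{SP}", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/{SUB}/resourceGroups/rg-demo"}},
 {{"principalId": "33333333-3333-3333-3333-333333333333",
   "roleDefinitionName": "Owner", "scope": "/subscriptions/{SUB}"}}
]""")

if __name__ == "__main__":
    print(tenant_id_from_url(
        "https://login.windows.net/d85131e4-1763-42d6-b9c7-b6bad64b3a51"))
    print(check_assignment(SAMPLE, SP, SUB))
```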

What to do next

  • If the Microsoft Azure Management Application (DEPRECATED) [com.snc.azure] plugin is active on your instance, you can click Get Subscriptions to automatically populate your subscriptions in the related list.
  • Create a Service Account.