Azure credentials for Cloud Management

You must create a special credential — a Service Principal — to integrate with Microsoft’s Azure cloud technology. Depending on how permissions are set up, the process might require the assistance of your organization’s Active Directory or Azure administrators.

Azure values for required Cloud Management settings

Cloud Management setting | Location of the Azure value
Tenant ID | Azure Active Directory > Properties > Directory ID
Client ID | Azure Active Directory > App registrations > Registered App.Application ID
Secret Key | Azure Active Directory > App registrations > Registered App > Settings > Keys (hidden)
Account ID | Azure Active Directory > Subscriptions > Subscription ID

Create an Azure service principal

You need to gather several values from the Azure portal to create an Azure service principal: the IDs and the keys required to integrate Azure with ServiceNow.

Before you begin

  • Role required: sn_cmp.cloud_admin
  • A safe keeping space (text editor, OneNote, Evernote, etc.)

Procedure

  1. Log in to the Azure portal and navigate to Azure Active Directory.
  2. In the Properties section, in the Directory ID field, click the copy to clipboard shortcut and paste the UUID in a text editor for safe keeping. Label this UUID as Directory ID.
  3. Navigate to the App registrations section and click New application registration or the plus icon at the top of the page.
  4. Enter a name for the integration credentials in the Name field, for example, ServiceNow Integration. Leave the default value (Web app/API) in the Application type field.
  5. Enter a valid URL, for example, a ServiceNow instance URL, in the Sign-on URL field.
    Figure 1. Create integration credentials
  6. After the integration credential is created, select the application from the list. Hover the mouse over the Application ID, click copy to clipboard, and then paste the Application ID in the text editor where you saved the Directory ID. Label it as Application ID.
  7. Click the Keys section. Enter a description for the key in the Key description field and a duration with the value Never Expires in the Duration field.
    You may have policies that restrict key durability. Choose the duration appropriate for your organization.
  8. Click Save. Copy and paste the key in a text editor and label this key as Application key.
  9. To enable the service principal to work with various Azure subscriptions, navigate to Subscriptions. If multiple subscriptions are to be managed, you need to repeat the following steps, step 10 to step 12, for each subscription.
  10. Copy and paste the subscription ID in a text editor and label it as Subscription ID. Navigate to the subscription, select Access Control (IAM) from the menu and click + Add at the top of the screen.
  11. Select Contributor from the Role field. Leave the default value, Azure AD user, group, or application, in the Assign access to field.
  12. Select the name you created in step 4 in the Select field and click Save.
    Figure 2. Add permissions
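A pre-flight check for the values gathered in steps 2, 6, 8, and 10, as an added example that is not ServiceNow's or Microsoft's code. It assumes the standard Azure AD OAuth 2.0 client-credentials flow and the Azure Resource Manager subscriptions listing; the function names are hypothetical.

```python
import json
import re
import urllib.parse
import urllib.request

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_values(tenant_id, client_id, secret_key, account_id):
    """Return a list of problems found in the values copied from the Azure portal."""
    problems = []
    ids = {"Tenant ID (Directory ID)": tenant_id,
           "Client ID (Application ID)": client_id,
           "Account ID (Subscription ID)": account_id}
    for label, value in ids.items():
        if value != value.strip():
            problems.append(f"{label}: whitespace picked up during copy and paste")
        elif not UUID_RE.match(value):
            problems.append(f"{label}: not a UUID")
    if len({v.strip().lower() for v in ids.values()}) < len(ids):
        problems.append("IDs: the same UUID is stored under two labels")
    if not secret_key.strip():
        problems.append("Secret Key: empty")
    elif UUID_RE.match(secret_key.strip()):
        # Heuristic (assumption): a UUID here suggests an ID was pasted, not the key.
        problems.append("Secret Key: looks like an ID, not the Application key")
    return problems

def token_request(tenant_id, client_id, secret_key):
    """Build, without sending, the client-credentials token request for Azure Resource Manager."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": secret_key,
        "scope": "https://management.azure.com/.default"}).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=body, method="POST")

def visible_subscriptions(tenant_id, client_id, secret_key):
    """Live check (needs network): subscription IDs the service principal can read."""
    with urllib.request.urlopen(token_request(tenant_id, client_id, secret_key)) as resp:
        token = json.load(resp)["access_token"]
    req = urllib.request.Request(
        "https://management.azure.com/subscriptions?api-version=2020-01-01",
        headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return [sub["subscriptionId"] for sub in json.load(resp)["value"]]

if __name__ == "__main__":
    # Constructed sample values, not real Azure identifiers.
    print(check_values("11111111-1111-1111-1111-111111111111",
                       "22222222-2222-2222-2222-222222222222 ",
                       "constructed-key-value",
                       "33333333-3333-3333-3333-333333333333"))
```

A Subscription ID from step 10 that is missing from the `visible_subscriptions` result means the role assignment in steps 11 and 12 has not taken effect for that subscription. Supply the Application key at run time rather than saving it in the script.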

Create Azure service principal for Cloud Management

You create a special credential — a Service Principal — to integrate with Microsoft’s Azure cloud technology. Depending on how permissions are set up, the process might require the assistance of your organization’s Active Directory or Azure administrators.

Before you begin

  • Role required: sn_cmp.cloud_admin
  • A service principal on the Azure portal. Make sure that your user settings in Azure allow users to register applications. If users are not allowed to register applications, make sure that your Directory role is not set to User. You can also ask your Azure administrator to create the service principal.
  • The Azure application ID, the key, and the directory ID from the Azure portal.
Table 1. Azure values required to define a Service Principal
Cloud Management setting | Location of the Azure setting
Tenant ID | Azure Active Directory > Properties > Directory ID
Client ID | Azure Active Directory > App registrations > Registered App.Application ID
Secret Key | Azure Active Directory > App registrations > Registered App > Settings > Keys (hidden)
Account ID | Azure Active Directory > Subscriptions > Subscription ID

About this task

See Getting Started with Azure and Cloud Management for a video that explains the Azure and Cloud Management integration.

Procedure

  1. Navigate to Connections & Credentials > Credentials, click New and then select Azure Service Principal.
  2. Fill in the form fields (see table).
    Figure 3. Azure credentials
    Field | Value
    Name | Enter the name of the service principal to register with the instance.
    Tenant ID and Client ID | Paste the values that you obtained from the Azure portal:
    • The Tenant ID is the Directory ID in Azure.
    • The Client ID is the Application ID of the application that you registered in Azure.
    Authentication Method | Select Client secret. Note: Client assertion is not supported.
    Secret key | Paste the secret key that was generated while creating the Azure Service Principal. This field appears when Authentication method is Client secret.

  3. Right-click the form header and click Save.
  4. Click Submit.
    The Azure service principal credential is created.
  5. Open the Azure service principal you created.
  6. Click Discover Subscriptions to get all the subscriptions for the given Azure service principal. Service accounts get created for each subscription discovered.
  7. Click Azure Subscriptions to view all the subscriptions for the Azure service principal. Click a subscription to view the service account created for that subscription.
  8. Click a discovery status under Credential Discovery Status to view a discovery log. Each time you click Discover Subscriptions, a new discovery status appears under Credential Discovery Status.