If your cloud resources are in an Azure cloud, you must create a user identity called a service principal that grants permissions to the MID Server to access selected resources.

Azure management groups and subscriptions

An Azure management group contains other management groups and subscriptions. The management groups in an Azure Cloud environment form a hierarchy, but don’t contain volumes or virtual machines. Subscriptions contain cloud resources, such as virtual machines. The subscriptions that belong to management groups are called sub-accounts.

The advantages of using management groups are:

Easy population of sub-accounts

After you configure the management group and supply the necessary credentials, you can test the account. If the test succeeds, Discovery returns a list of subscriptions in that management group. From this list, you can choose one or more subscription sub-accounts to include in the Discovery schedule using the management group. For more information on the hierarchy of management groups and subscriptions, see Organize your resources with Azure management groups.

Discovery of sub-account resources using dynamically acquired credentials

When you run Discovery on your subscriptions, you do not need separate credentials for each sub-account. Discovery finds the credentials for the management group and maps them to all of the subscription sub-accounts. The Cloud Discovery process handles credentials automatically by acquiring a temporary credential for each sub-account via an Azure API. You can elect to use the default configuration or customize the MID Server to assume other roles for additional controls and security. In addition, Discovery can automatically refresh the list of sub-accounts and datacenters covered in a discovery schedule. For more information, see the KB article Retrieve newer accounts/sub-accounts automatically via Cloud Discovery.

A service principal for Azure cloud services is similar to a Microsoft Windows service account that enables Windows processes to communicate with each other within an Active Directory domain.

To create the Azure service principal in your ServiceNow instance, copy the service principal credential values from the Azure portal into a text editor, and then transfer those values into the instance.
Figure 1. The text file that you generate during this procedure (image: text file that temporarily holds Azure service principal credential values)
This table shows you the Azure Service Principal value and the location in Azure where you can find the values you need for the credentials.

Verify the REST API Permissions

Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.
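
One way to check the role assigned to the service principal against the permission list before running Discovery, as an added example that is not ServiceNow or Microsoft code. The required actions and the role definition below are constructed stand-ins for the spreadsheet's list and for the role definition JSON exported from Azure; the function names are hypothetical.

```python
import re

# Constructed stand-in for the spreadsheet's permission list.
REQUIRED = [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Network/virtualNetworks/read",
    "Microsoft.Network/publicIPAddresses/read",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
]

# Constructed role definition, in the actions/notActions shape Azure RBAC uses.
SAMPLE_ROLE = {
    "roleName": "discovery-reader (constructed)",
    "permissions": [{
        "actions": [
            "Microsoft.Compute/*/read",
            "Microsoft.Network/*",
            "Microsoft.Storage/storageAccounts/read",
            "Microsoft.Storage/storageAccounts/listKeys/action",
        ],
        "notActions": ["Microsoft.Network/publicIPAddresses/*"],
    }],
}

def _matches(pattern, action):
    """Azure RBAC wildcard match: '*' spans any characters, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def allows(role, action):
    """True if a permission block grants the action and does not exclude it."""
    for block in role.get("permissions", []):
        granted = any(_matches(p, action) for p in block.get("actions", []))
        excluded = any(_matches(p, action) for p in block.get("notActions", []))
        if granted and not excluded:
            return True
    return False

def audit_role(role, required):
    """Report required actions the role lacks and grants that are not read-only."""
    missing = sorted(a for a in required if not allows(role, a))
    review = sorted({p for block in role.get("permissions", [])
                     for p in block.get("actions", [])
                     if not p.lower().endswith("/read")})
    return {"missing": missing, "review": review}

if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLE, REQUIRED))
```

Entries under `missing` would make the corresponding Discovery patterns fail; entries under `review` are grants broader than read access that a discovery-only identity should not need.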

Data collected by Service Mapping during top-down discovery

To include discovered components in application services, enable the CI relationships that Service Mapping uses in tag-based discovery. These CI relationships are available from the 1.0.68 release on the ServiceNow Store. For operational steps, see Tag-based discovery configuration.

Service Mapping uses tag-based discovery to create application service maps that include the cloud components. The Service Mapping application comes with the following preconfigured CI relationships used for tag-based discovery.

| CI | Relationship | CI |
| --- | --- | --- |
| Configuration Item [cmdb_ci] | Hosted on::Hosts | Logical Datacenter [cmdb_ci_logical_datacenter] |
| Logical Datacenter [cmdb_ci_logical_datacenter] | Hosted on::Hosts | Cloud Service Account [cmdb_ci_cloud_service_account] |

Azure Cloud Discovery API list

Table 1. Logical Datacenter (cmdb_ci_logical_datacenter)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | response.name |
| name | response.name |
| region | response.displayName |
| status | Installed |

Table 2. Availability Zone (cmdb_ci_availability_zone)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | response.id |
| name | response.name |
| status | Installed/Retired |
| state | |

Table 3. Resource Group (cmdb_ci_resource_group)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | id |
| name | name |
| state | available |
| status | Installed/Retired |

Table 4. Network (cmdb_ci_network)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | id |
| state | |
| name | name |
| cidr | properties.addressSpace.addressPrefixes |

Table 5. Subnet (cmdb_ci_cloud_subnet)

| CI Attributes | Azure Attributes |
| --- | --- |
| subnetName | response.name |
| subnetId | response.id |
| resourceGroup | response.properties.resourceGuid |
| networkId | response.id.split('/subnets/') |
| networkName | getNetwork(networkId) |
| cidrBlock | response.properties.addressSpace.addressPrefixes |

Table 6. Storage Volume (cmdb_ci_storage_volume)

| CI Attributes | Azure Attributes |
| --- | --- |
| state | properties.provisioningState |
| storage_type | properties.BlobType |
| volume_id | id |
| name | name |
| size_bytes | properties.diskSizeGB * 1024 * 1024 * 1024 |
| object_id | id |
| size | response.properties.diskSizeGB |
| volume_container | containerName |
| status | Installed/Retired |

Table 7. Security Groups (cmdb_ci_compute_security_group)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | id |
| name | name |
| state | properties.provisioningState |

Table 8. Virtual Server (cmdb_ci_vm_instance)

| CI Attributes | Azure Attributes |
| --- | --- |
| memory | properties.hardwareProfile.vmSize |
| state | The instance statuses: succeeded: on; running: succeeded/stopping; deallocating: stopping/stopped; deallocated: off; terminated: error |
| object_id | id |
| cpus | properties.hardwareProfile.vmSize |
| disks | properties.storageProfile.dataDisks |
| nics | properties.networkProfile.networkInterfaces[].size |
| vm_inst_id | properties.vmId |
| name | name |
| status | Installed/Retired |

Table 9. Hardware Template (cmdb_ci_compute_template)

| CI Attributes | Azure Attributes |
| --- | --- |
| name | name |
| object_id | name |
| vcpus | numberOfCores |
| memory_mb | memoryInMB |
| local_storage_gb | resourceDiskSizeInMB |
| cores | numberOfCores |

Table 10. Cloud Public IP Address (cmdb_ci_cloud_public_ipaddress)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | response.id |
| name | response.name |
| public_dns | properties.dnsSettings.fqdn |
| public_ip_address | properties.ipAddress |

Table 11. Cloud LB IP Address (cmdb_ci_cloud_lb_ipaddress)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | properties.frontendIPConfigurations.properties.privateIPAddress OR properties.frontendIPConfigurations.properties.publicIPAddress, then call Public IP Address API |
| name | properties.frontendIPConfigurations.properties.privateIPAddress OR properties.frontendIPConfigurations.properties.publicIPAddress, then call Public IP Address API |
| ipaddress_type | properties.frontendIPConfigurations.properties.privateIPAddress ==> Private IP Address OR properties.frontendIPConfigurations.properties.publicIPAddress ==> Public IP Address |
| status | Installed |

Table 12. Cloud Network Interfaces (cmdb_ci_nic)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | id |
| name | name |
| private_ip | properties.ipConfigurations |
| public_dns | call public ip address api - properties.dnsSettings.fqdn |
| state | properties.provisioningState |
| is_static | properties.ipConfigurations |
| mac_address | properties.macAddress |
| public_ip | call public ip address api - |

Table 13. Image (cmdb_ci_os_template)

| CI Attributes | Azure Attributes |
| --- | --- |
| name | response.id |
| object_id | response.name |
| guest_os | properties.storageProfile.osDisk.osType |
| image_source | id |
| status | Installed/Retired |

Table 14. Cloud Storage Account (cmdb_ci_cloud_storage_account)

| CI Attributes | Azure Attributes |
| --- | --- |
| name | name |
| object_id | id |
| sku_name | sku.name |
| state | properties.provisioningState |

Table 15. Load Balancer (cmdb_ci_cloud_load_balancer)

| CI Attributes | Azure Attributes |
| --- | --- |
| object_id | response.id |
| name | response.name |
| state | |
| dns_name | properties. |
| fqdn | |
| canonical_hosted_zone_name | |