
If you do not want to log in as a user who has the Global Administrator and Owner roles, you need to provide several login details during the activation of IncrediBuild Cloud. These login details are:

  • Tenant ID

  • New Azure AD Application ID

  • Client Secret

...

To generate these details, you first need to create a new Azure AD application for the IncrediBuild Cloud – Azure integration. Then, you need to create a client secret, and lastly you need to assign the new app to a subscription and a role.

Important! These procedures can be done only by a user who has Global Administrator and Owner roles.

Creating an Azure AD Application

To enable IncrediBuild Cloud to manage resources on the Azure platform for you, you need to create a new Azure AD application, which grants IncrediBuild Cloud permission to access and modify Azure resources.

Note: For more information on creating an Azure Active Directory application, see Azure documentation:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

> To create an Azure AD application for IncrediBuild Cloud:

...

On the Azure portal, enter App registrations in the Search box.

...

On the App registrations page, click the + New registration option:

...

On the Register an Application page, perform the following:

...

  • Name – enter a name for the new application.

  • Supported account types – leave the default option.

Then, click the Register button to create a new registered app.

...

On the new application page, copy the following data and save it in an accessible location:

  • Application (client) ID – this is the New Azure AD Application ID.

  • Directory (tenant) ID – this is the Tenant ID.

    Important! These details are required for the activation of IncrediBuild Cloud solution. However, as long as you do not delete the new app, you can return to Azure portal at a later date and retrieve them.

...

On the same page, click the Add an Application ID URI option:

...

On the new application – Expose an API page, click the Add a scope option:

...

On the Add a scope dialog box, perform the following:

...

  1. Accept the default and click Save and continue.

     Note: The text starting with "api://...." is just a default generated GUID, which can be used. You can put whatever URL format you want in there; "api://" is as valid as "http://".

On the second Add a scope dialog box, enter the following:

...

Scope name – enter user_impersonation.

...

Who can consent? – select Admins and users.

...

Admin consent display name – enter Access IncrediBuild Cloud App.

...

Admin consent description – enter Allow the application to access IncrediBuild Cloud App on behalf of the signed-in user.

...

User consent description – enter Allow the application to access IncrediBuild Cloud App on behalf of the signed-in user.

...

State – select Enabled.

...

After you have entered all required details, click the Add scope button.
Your new app is saved.

...

Open the Authentication screen. Then, click the Add a platform button:

...

On the Configure platforms dialog box, select the Web option:

...

On the Configure Web dialog box, perform the following:

...

  • Redirect URLs – enter a dummy URL.

  • Implicit grant – select the ID tokens check box.

Then, click the Configure button.

The next step is creating a Client Secret for your new Azure app, as described in the following section.
 

Creating a New Client Secret

A Client Secret, also referred to as an Application Password, is needed to authenticate the new Azure app with Azure AD. After you create a client secret, you should copy it and save it in an accessible location, because you will not be able to retrieve it later. However, if you cannot locate the original client secret, you can create a new one and use it to log in to IncrediBuild Cloud.

> To create a new client secret:

...

Open the Certificates & secrets page. Then, click the + New client secret option:

...

On the Add a client secret dialog box, perform the following:

...

  • Description - enter a free description.

  • Expires - select the Never radio button.

Then, click the Add button.

On the Certificates & secrets page – Client secrets section, copy the content of the Value column of your new app:

...

Assigning the New App to a Subscription and a Role

To access resources in a subscription, you must assign the new Azure AD app to one of your subscriptions, and to the Contributor role at that subscription level.

> To assign the new app to a subscription and a role:

  1. On the Azure portal, enter Subscriptions in the Search box.

  2. On the Subscriptions page, select the subscription to which you want to assign the new app:

  3. On the selected Subscription page, select Access control (IAM).

  4. On the Access Control (IAM) page of the selected subscription, click the Add button in the Add a role assignment option:

  5. On the Add role assignment dialog box, perform the following:

    • Role – select Contributor.

    • Assign access to – leave the default option: Azure AD user, group, or service principal.

    • Select – select the new Azure AD app you created, by entering its name.

    Once you have selected the required options, click the Save button.

You have now completed the creation of all the necessary login details for activating the IncrediBuild Cloud solution, and you can start the activation procedure.
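
The following is an added example, not part of the original page and not IncrediBuild or Microsoft code. It reviews the three settings from the procedures above that decide how exposed the new app's credentials are: the client secret lifetime, ID token issuance to the redirect URL, and the Contributor assignment at subscription level. Field names follow the Microsoft Graph application resource and the output of az role assignment list; the review function, the 730-day threshold, and the sample values are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

MAX_SECRET_DAYS = 730  # assumed rotation policy, not an Azure or IncrediBuild limit
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[^/]+/?$", re.I)

def _utc(stamp):
    # Graph timestamps look like 2299-12-31T00:00:00Z; fractional seconds are dropped
    return datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def review(app, assignments, now):
    """Return (severity, message) findings for one app registration."""
    findings = []
    for cred in app.get("passwordCredentials", []):
        name = cred.get("displayName") or cred.get("keyId", "?")
        days_left = (_utc(cred["endDateTime"]) - now).days
        if days_left < 0:
            findings.append(("high", f"client secret '{name}' has expired; create a new one"))
        elif days_left > MAX_SECRET_DAYS:
            findings.append(("medium", f"client secret '{name}' is valid for {days_left} more days; schedule rotation"))
    web = app.get("web", {})
    if web.get("implicitGrantSettings", {}).get("enableIdTokenIssuance"):
        uris = ", ".join(web.get("redirectUris", [])) or "(none)"
        findings.append(("info", f"ID tokens are issued to {uris}; confirm you control each host"))
    for ra in assignments:  # already filtered to this app's service principal
        if ra["roleDefinitionName"] == "Contributor" and SUBSCRIPTION_SCOPE.match(ra["scope"]):
            findings.append(("medium", f"Contributor on the whole subscription: {ra['scope']}"))
    return findings

# Constructed sample data shaped like the settings chosen in the steps above
SAMPLE_APP = {
    "appId": "00000000-0000-0000-0000-000000000001",
    "displayName": "example-incredibuild-app",
    "passwordCredentials": [{"displayName": "example-secret", "endDateTime": "2299-12-31T00:00:00Z"}],
    "web": {"redirectUris": ["https://dummy.example/"],
            "implicitGrantSettings": {"enableIdTokenIssuance": True}},
}
SAMPLE_ASSIGNMENTS = [{"roleDefinitionName": "Contributor",
                       "scope": "/subscriptions/00000000-0000-0000-0000-0000000000aa"}]

if __name__ == "__main__":
    for severity, message in review(SAMPLE_APP, SAMPLE_ASSIGNMENTS, datetime.now(timezone.utc)):
        print(f"{severity:6} {message}")
```

To run it against a real tenant, replace the sample dictionaries with the JSON for your app registration and its role assignments.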

...