Learn how to configure DevOps Intelligence for the integration of Azure Resource Manager to broaden the observability of your hybrid IT estate.
Access rights for Azure
The account should have registration of the application of that particular subscription and have at least the
Read
access/role. For that purpose, a new key should be created. Then, the client Secret Key, Client ID, and Tenant ID are used to create/configure an account in DevOps Intelligence to pull data from Azure Cloud.
Use the following procedure to create a client Secret Key respective Application Account for Azure Cloud:
Log in to the Azure portal using your Azure account:
Select
Azure Active Directory
from the left navigation.
Select the
App registrations
from the left panel on the
Default directory
page.
Select the
New Registration
option from the
App Registration
pane.
Type in the following information regarding the
Create
pane:
Field
Description
Sample
Name
Name for the new application. Type in the desired application name.
GraphConnectorApp
Redirect URI (optional)
Returns an authentication response after successfully authenticating a user.
Edit the manifest file and change the value of the
oauth2AllowImplicitFlow
parameter to
true
after the application is created.
Select
Save
.
Add permissions.
The status for all permissions will turn green on adding the required permissions.
Select the
Add
button of the
Create a Custom Role
section.
Create a
Custom role
and
Add
permissions according to his requirements.
Selects the
resource type
,
resource
, and
Add Permissions
according to his requirements.
Selects
Review+Create.
Generate secret key
Use the following procedure to generate a secret key:
From
Azure Active Directory Admin Centre
, select the created Application from the list of App Registrations and
Create Certificates and Secrets
for the completed Application.
Log in to the Azure portal and select the created application name.
From the
Settings
pane, he selects the
Keys
option.
From the Keys pane, he types in the
Description
, selects the
Expiration
period and then selects the
Save
button.
From the
Keys
pane, copy the encoded key value, and select save. This key value cannot be retrieved after leaving this pane. This encoded key value is the client's Secret Key that will be a part of the authentication credential.
Add the
Created custom role
to the created Application.
Get tenant ID
Use the following procedure to acquire the Tenant ID:
From Azure
Active Directory Admin Center
, navigate to the App Registrations pane.
Log in to the Azure portal and select the following menu selection:
Azure Active Directory
→
App Registrations
.
From
App Registrations
pane, click
Endpoints
option.
From the
Endpoints
pane, select the copy icon next to the
OAuth 2.0 Token Endpoint
option and
Save
the value.
Copy the value between microsoftonline.com/ and /oauth2/token from the copied endpoint URL. This is the Tenant ID that is part of the authentication credential.
Get the Client ID
Use the following procedure to acquire the Client ID:
From
Azure Active Directory Admin Center
, open the created application.
Select the
Settings
option.
Log in to the Azure portal and select the created application name.
From the
Settings
pane, copy the
Application ID
value. This is the Client ID that will be part of the authentication credential.
Kyndryl IAM connection
From Kyndryl applications' landing page, select the main menu or the
Manage IAM
tile.
Select Admin and then, click
IAM
.
On the IAM screen, select the
Connections
tab from the left panel.
Select the
Add New
Drop-down menu.
Select the
Add a Connection
.
Select the Technology Category as
Cloud Provider
.
Select
Azure Cloud
.
Enter the
Account Number
,
Access Key Id
, and
Access Secret Key
from the Azure account referred to in the previous section.
Validate your credentials by selecting
Test connection
.
Once the connection is successful, select.
Add
to create a connection.
Even though it is shown as optional in the picture above, the "subscriptionId" column, along with the other obligatory values, is required to bring data for Azure clusters.