Cloud Services

Enterprise Marketplace

Azure account creation for Cloud Solution Provider
Published On Dec 17, 2024 - 12:58 PM

Azure account creation for Cloud Solution Provider

Learn how to create a Cloud Solution Provicer (CSP) account.
To use Azure in your tenant, you need to create a master account and one or more asset accounts. You can use the tenant to apply logical separation of concerns and enforce access controls.
You can also create separate Asset Accounts for provisioning and make them available to the right teams who use Enterprise Marketplace for provisioning. Similarly, asset accounts added for asset discovery are only used by the systems that perform asset discovery.
Although you can give your users access using the master account, this is not recommended because it would give your clients full access to every service that Azure offers.
This section provides direction on how to create accounts using the UI. For more information about managing accounts, see Managing provider accounts.

Prerequisites

Before an Azure account can be create for Cloud Solution Provider, the following prerequisites must be met:
  • Create an Asset account and add credentials.
  • A user with the
    Provider Account Admin
    role to manage Provider Accounts and Credentials. For more information, see How to Onboard an Azure Account (sharepoint.com).
  • A user with the
    Catalog Administrator
    role in Enterprise Marketplace to access the Catalog Management page to import catalogs.
  • A user with the
    Service Designer
    role to preview the catalogs on the
    Catalog Management
    page.

Creating asset accounts

Asset accounts are used to provide access to your users to the services that Azure provides. They are primarily used for these purposes:
  • Enterprise Marketplace for Provisioning
  • Common Discovery for Asset Discovery
Each account provides access to a specific list of services offered by Azure. Create a separate asset account for each group of users that you want to provide a separate set of service privileges to. You can create any number of asset accounts. For more information, see Managing asset accounts.
Although you can give your users access using the master account, this is not recommended because it would give your clients full access to every service that Azure offers.
To create an asset account, complete these steps:
  1. Navigate to the
    Provider Account
    page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. On the
    Account Management
    page, click the
    Asset Accounts
    tab.
  3. Click
    New Asset Account
    .
  4. On the
    Select a provider
    page, click
    azure
    .
  5. Fill in the following parameters and then click
    Create Account
    :
    • Name:
      Provide a descriptive name for the new account.
    • Description:
      Optionally, provide a more thorough description of the account.
    • Subscription ID:
      Enter the Subscription ID for your Microsoft Azure account.
    • Offer ID:
      Leave this blank because this is a CSP account.
    • Tenant ID:
      Enter the Tenant ID or Domain for your Azure account.
    • Select Existing Master Account:
      Select the Azure master account you want to associate this asset account to.
    • Status:
      Set the account as either
      Active
      or
      Inactive
      .
  6. In the
    Credentials
    section of the newly created account, click
    Add Credential
    . Credentials are required to authenticate with Azure so that the selected purpose can be accomplished. You can add multiple credentials to an account.
  7. In the
    Add Credential
    window, enter the following parameters and then click
    Add
    :
    • Name:
      Provide a descriptive name for the new credential.
    • Purpose:
      Select a purpose for the credential from these options:
      • Asset Ingestion:
        Sets the credential to ingest Azure services.
      • Provisioning:
        Select this to allow the credential to provision Azure services using Enterprise Marketplace.
      • Asset Discovery:
        Sets the credential to discover Azure services using Common Discovery.
    • Description:
      Optionally, provide a more thorough description of the account.
    • Status:
      Set the account as either
      Active
      or
      Inactive
      .
    • Credential Reference ID:
      Select an existing ID or enter a new one. If the ID is new, you will be prompted to enter the following parameters and
      Create New or Update Credential in Vault
      will automatically be selected. When you are finished, click
      Test Connection
      to make sure that the communication with Azure works.
      • Client ID:
        Provide the Azure client ID for the account.
      • Secret Key:
        Enter the password needed to access the account.
    • In the
      Associate this credential with a business entity
      , you can have this credential only apply to a certain custom context within your organization. These vary by organization and can be freely created to help organize your users. For more information, see Setting up context type.

Setting up pricing

The Azure CSP provider supports the following types of rate cards:
  • Enterprise agreements and pay-as-you-go global rate cards
  • Custom rate cards
  • CSP rate cards
Rate card updates trigger when the user navigates from Enterprise Marketplace's
Main Parameters
page to the
Additional Parameters
page for the Catalog Place Order flow.

Requirements

The following requirements must be met before the rate card can be updated:
  • The difference between last updated time and current time should be greater than 7200 seconds or two (2) hours.
  • The new rate card’s checksum should be different from the old rate card’s checksum in the database.
  • The account selected on the
    Main Parameters
    page for the Catalog Place Order flow must be a CSP owner account. The account needs to have the following credentials, or the update will skip that CSP customer:
    • domain
    • appID
    • cspKey

Pricing scenarios

The following are the pricing scenarios for Azure:
  • For a pay-as-you-go or enterprise agreement account, estimated cost is fetched from the global rate card.
  • For a CSP customer without a domain, appID, or cspKey:
    • If the custom rate card is manually uploaded using the script, the estimated cost is fetched from the custom rate card.
    • If no custom rate card is manually uploaded using the script, the estimated cost is fetched from the global rate card.
  • For a CSP owner account with a domain, appID, or cspKey, the rate card is fetched, downloaded, and saved in the database.
  • Applying pricing rule discounted or up-charged pricing displays as per the pricing rule.
Do you have two minutes for a quick survey?
Take Survey