Azure account creation for Cloud Solution Provider
Published On
Nov 06, 2024 - 7:20 AM
Azure account creation for Cloud Solution Provider
Creating a CSP account.
To use Azure in your tenant, you need to create a master account and one or more asset accounts. You can use the tenant to apply logical separation of concerns and enforce access controls.
You can also create separate Asset Accounts for provisioning and make them available to the right teams who use Enterprise Marketplace for provisioning. Similarly, asset accounts added for asset discovery are only used by the systems that perform asset discovery.
Although you can give your users access using the master account, this is not recommended because it would give your clients full access to every service that Azure offers.
This section provides direction on how to create accounts using the UI. For more information about managing accounts, see Managing provider accounts.
Prerequisites
Before an Azure account can be create for Cloud Solution Provider, the following prerequisites must be met:
role in Enterprise Marketplace to access the Catalog Management page to import catalogs.
A user with the
Service Designer
role to preview the catalogs on the
Catalog Management
page.
Creating asset accounts
Asset accounts are used to provide access to your users to the services that Azure provides. They are primarily used for these purposes:
Enterprise Marketplace for Provisioning
Common Discovery for Asset Discovery
Each account provides access to a specific list of services offered by Azure. Create a separate asset account for each group of users that you want to provide a separate set of service privileges to. You can create any number of asset accounts. For more information, see Managing asset accounts.
Although you can give your users access using the master account, this is not recommended because it would give your clients full access to every service that Azure offers.
Optionally, provide a more thorough description of the account.
Subscription ID:
Enter the Subscription ID for your Microsoft Azure account.
Offer ID:
Leave this blank because this is a CSP account.
Tenant ID:
Enter the Tenant ID or Domain for your Azure account.
Select Existing Master Account:
Select the Azure master account you want to associate this asset account to.
Status:
Set the account as either
Active
or
Inactive
.
In the
Credentials
section of the newly created account, click
Add Credential
. Credentials are required to authenticate with Azure so that the selected purpose can be accomplished. You can add multiple credentials to an account.
In the
Add Credential
window, enter the following parameters and then click
Add
:
Name:
Provide a descriptive name for the new credential.
Purpose:
Select a purpose for the credential from these options:
Asset Ingestion:
Sets the credential to ingest Azure services.
Provisioning:
Select this to allow the credential to provision Azure services using Enterprise Marketplace.
Asset Discovery:
Sets the credential to discover Azure services using Common Discovery.
Description:
Optionally, provide a more thorough description of the account.
Status:
Set the account as either
Active
or
Inactive
.
Credential Reference ID:
Select an existing ID or enter a new one. If the ID is new, you will be prompted to enter the following parameters and
Create New or Update Credential in Vault
will automatically be selected. When you are finished, click
Test Connection
to make sure that the communication with Azure works.
Client ID:
Provide the Azure client ID for the account.
Secret Key:
Enter the password needed to access the account.
In the
Associate this credential with a business entity
, you can have this credential only apply to a certain custom context within your organization. These vary by organization and can be freely created to help organize your users. For more information, see Setting up context type.
Setting up pricing
The Azure CSP provider supports the following types of rate cards:
Enterprise agreements and pay-as-you-go global rate cards
Custom rate cards
CSP rate cards
Rate card updates trigger when the user navigates from Enterprise Marketplace's
Main Parameters
page to the
Additional Parameters
page for the Catalog Place Order flow.
Requirements
The following requirements must be met before the rate card can be updated:
The difference between last updated time and current time should be greater than 7200 seconds or two (2) hours.
The new rate card’s checksum should be different from the old rate card’s checksum in the database.
The account selected on the
Main Parameters
page for the Catalog Place Order flow must be a CSP owner account. The account needs to have the following credentials, or the update will skip that CSP customer:
domain
appID
cspKey
Pricing scenarios
The following are the pricing scenarios for Azure:
For a pay-as-you-go or enterprise agreement account, estimated cost is fetched from the global rate card.
For a CSP customer without a domain, appID, or cspKey:
If the custom rate card is manually uploaded using the script, the estimated cost is fetched from the custom rate card.
If no custom rate card is manually uploaded using the script, the estimated cost is fetched from the global rate card.
For a CSP owner account with a domain, appID, or cspKey, the rate card is fetched, downloaded, and saved in the database.
Applying pricing rule discounted or up-charged pricing displays as per the pricing rule.