Cloud Services

Enterprise Marketplace

Azure account creation for pay as you go
Published On Jun 13, 2024 - 1:04 PM

Azure account creation for pay as you go

To use Azure, you need to create a master account and one or more asset accounts.
You can use your application to apply logical separation of concerns and enforce access controls. You would be able to provide access to Master Accounts required for billing access to Cost & Asset Management (CAM), and add your teams that require this access to CAM with the correct roles.
You can also create separate Asset Accounts for provisioning and make them available to the right teams who would use Enterprise Marketplace for provisioning. Similarly, asset accounts added for asset discovery are only used by systems that perform asset discovery.
Although you can give your users access using the master account, this is not recommended because it would give your clients full access to every service that Azure offers.
This section provides direction on how to create accounts using the UI. For more information about managing accounts, see Managing provider accounts.

Creating a master account

A master account provides the direct connection back to Azure. The master account is also used by Cost & Asset Management for these purposes:
  • Cost Ingestion:
    Ingestion of the cost based on the billing account. This fetches the cost of the entire organization including all subscriptions.
  • Cost Subscription:
    Ingestion of the cost based on the specified subscription only.
Complete the following steps to create an Azure master account. For more information, see Managing master account.
  1. Navigate to the
    Provider Account
    page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. On the
    Account Management
    page’s
    Master Accounts
    tab, click
    New Master Account
    .
  3. On the
    Select a provider
    page, click
    azure
    .
  4. Fill in the following parameters and then click
    Create Account
    :
    • Name:
      Provide a descriptive name for the new account.
    • Description:
      Optionally, provide a more thorough description of the account.
    • Subscription ID:
      Enter the Subscription ID for your Microsoft Azure account for Cost Subscription.
    • Enterprise Agreement Enrollment Number:
      Enter the EA number for your Azure account for Cost Ingestion.
    • Tenant ID:
      Enter the Tenant ID or Domain for your Azure account for Cost Subscription.
    • Status:
      Set the account as either
      Active
      or
      Inactive
      .
  5. In the
    Credentials
    section of the newly created account, click
    Add Credential
    . Credentials are required to authenticate with Azure so that the selected purpose can be accomplished. You can add multiple credentials to an account.
  6. In the
    Add Credential
    window, enter the following parameters and then click
    Add
    :
    • Name:
      Provide a descriptive name for the new credential.
    • Purpose:
      Select a purpose for the credential from these options:
      • Cost Ingestion:
        Select this to allow the credential to ingest a rate card.
      • Cost Subscription:
        Select this to allow the account to work with CAM.
    • Status:
      Set the account as either
      Active
      or
      Inactive
      .
    • Credential Reference ID:
      Select an existing ID or enter a new one. If the ID is new, you will be prompted to enter the following parameters and
      Create New or Update Credential in Vault
      will automatically be selected. Depending on the
      Purpose
      that you selected, the following parameters will need to be entered. When you are finished, click
      Test Connection
      to make sure that the communication with Azure works.
      • Cost Ingestion:
        • Account Number:
          Enter your Azure account number.
        • API Key:
          Enter the API Key needed to access with the account.
      • Cost Subscription:
        • Client ID:
          Provide the Azure client ID for the account.
        • Secret Key:
          Enter the password needed to access the account.
    • In the
      Associate this credential with a business entity
      section, you can have this credential only apply to a certain custom context within your organization. These vary by organization and can be freely created to help organize your users. For more information, see Setting up context type.
  7. You can create an asset account from the master account by clicking
    Add New
    in the
    Asset Accounts
    section. The
    New Asset Account
    page opens that has the master account automatically selected in the
    Select Existing Master Account
    field. For more information about the parameters, see the next section.

Creating asset accounts

Asset accounts are used to provide access to your users to the services that Azure provides. They are primarily used for these purposes:
  • Enterprise Marketplace for Provisioning
  • Cost & Asset Management (CAM) for Asset Ingestion
  • Common Discovery for Asset Discovery
Each account provides access to a specific list of services offered by Azure. Create a separate asset account for each group of users that you want to provide a separate set of service privileges to. You can create any number of asset accounts. For more information, see Managing asset account.
Although you can give your users access using the master account, this is not recommended because it would give your clients full access to every service that Azure offers.
To create an asset account, complete these steps:
  1. Navigate to the
    Provider Account
    page. To learn more about navigating to the different services from each tenant, refer to Landing page navigation or Kyndryl Bridge Landing page navigation.
  2. On the
    Account Management
    page, click the
    Asset Accounts
    tab.
  3. Click
    New Asset Account
    .
  4. On the
    Select a provider
    page, click
    azure
    .
  5. Fill in the following parameters and then click
    Create Account
    :
    • Name:
      Provide a descriptive name for the new account.
    • Description:
      Optionally, provide a more thorough description of the account.
    • Subscription ID:
      Enter the Subscription ID for your Microsoft Azure account.
    • Offer ID:
      Enter the Offer ID for your Azure account. Leave this blank because this is a CSP account.
    • Tenant ID:
      Enter the Tenant ID or Domain for your Azure account.
    • Select Existing Master Account:
      Select the Azure master account you want to associate this asset account to.
    • Status:
      Set the account as either
      Active
      or
      Inactive
      .
  6. In the
    Credentials
    section of the newly created account, click
    Add Credential
    . Credentials are required to authenticate with Azure so that the selected purpose can be accomplished. You can add multiple credentials to an account.
  7. In the
    Add Credential
    window, enter the following parameters and then click
    Add
    :
    • Name:
      Provide a descriptive name for the new credential.
    • Purpose:
      Select a purpose for the credential from these options:
      • Asset Ingestion:
        Sets the credential to ingest Azure services using Cost & Asset Management.
      • Provisioning:
        Select this to allow the credential to provision Azure services using Enterprise Marketplace.
      • Asset Discovery:
        Sets the credential to discover Azure services using Common Discovery.
    • Description:
      Optionally, provide a more thorough description of the account.
    • Status:
      Set the account as either
      Active
      or
      Inactive
      .
    • Credential Reference ID:
      Select an existing ID or enter a new one. If the ID is new, you are prompted to enter the following parameters and
      Create New or Update Credential in Vault
      is automatically selected. When you are finished, click
      Test Connection
      to make sure that the communication with Azure works.
      • Client ID:
        Provide the Azure client ID for the account.
      • Secret Key:
        Enter the password needed to access the account.
    • In the
      Associate this credential with a business entity
      , you can have this credential only apply to a certain custom context within your organization. These vary by organization and can be freely created to help organize your users. For more information, see Setting up context type.

Setting up pricing

The Azure CSP provider supports the following types of rate cards:
  • Enterprise agreements and pay-as-you-go global rate cards
  • Custom rate cards
  • CSP rate cards
Rate card updates trigger when the user navigates from Enterprise Marketplace's
Main Parameters
page to the
Additional Parameters
page for the Catalog Place Order flow.

Requirements

The following requirements must be met before the rate card can be updated:
  • The difference between last updated time and current time should be greater than 7200 seconds or two (2) hours.
  • The new rate card’s checksum should be different from the old rate card’s checksum in the database.
  • The account selected on the
    Main Parameters
    page for the Catalog Place Order flow must be a CSP owner account. The account needs to have the following credentials:
    • domain
    • appID
    • cspKey
  • The update skips CSP customers without a domain, appID, or cspKey.

Pricing scenarios

The following are the pricing scenarios for Azure:
  • For a pay_as_you_go or enterprise agreement account, estimated cost is fetched from the global rate card.
  • For a CSP customer without a domain, appID, or cspKey:
    • If the custom rate card is manually uploaded using the script, the estimated cost is fetched from the custom rate card.
    • If no custom rate card is manually uploaded using the script, the estimated cost is fetched from the global rate card.
  • For a CSP owner account with a domain, appID, or cspKey, the rate card is fetched, downloaded, and saved in the database.
  • Applying pricing rule discounted or up-charged pricing displays as per the pricing rule.
Do you have two minutes for a quick survey?
Take Survey