Create an Active Directory application and generate a client secret for the application in the Microsoft Azure portal. You must use the client secret when you configure a cloud account for Azure VMware Solution.
Prerequisites
- Ensure that you are using Microsoft Azure Cloud.
- Ensure that you have a valid subscription in the Microsoft Azure portal with an Active Directory integration.
Procedure
- Log in to the Microsoft Azure portal.
- Create an application and generate a secret for the application. For details, see Creating an Azure AD application and service principal that can access resources.
Complete the following tasks:
- Create an Azure Active Directory application.
Note:
- Ensure that the API permission is 'Microsoft Graph User.Read'.
- Reader role for the Azure subscription with AVS private clouds deployed.
- Custom role with read permissions on resource providers 'Microsoft.AVS', 'Microsoft.VMware' and 'microsoft.connectedvmwarevsphere'.
- Navigate to Subscriptions and select your subscription.
- In the left pane, click Access Control (IAM) and then click, . Select the role you want to assign to the application. The minimum requirement is 'Reader' or above.
Note: To provide access to specific resources only, create a resource group for those resources and grant access at the resource group level.
- Click Select members, and in the right pane, search for and add one or more members you want to assign to the role for the resource.
- Click Review + assign.
- Generate a client secret for the application. For details, see Creating an Azure AD application and service principal that can access resources.
- Copy the subscription ID, directory (tenant) ID, application (client) ID, and client secret to use in your cloud account.
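The same setup can be scripted with the Azure CLI using the custom-role option instead of the built-in Reader role. The script below is an added example, not part of the original procedure or VMware's own tooling. `ROLE_NAME`, `APP_NAME` and the `--apply` switch are constructed for illustration. The example does not configure the 'Microsoft Graph User.Read' API permission and assumes the caller is allowed to create role definitions and assignments on the subscription.

```shell
#!/usr/bin/env bash
# Added example: least-privilege service principal for an AVS cloud account.
# ROLE_NAME and APP_NAME are constructed placeholder names, not from the page.
ROLE_NAME="AVS Read Only (example)"
APP_NAME="avs-cloud-account-example"

# Print a custom role definition limited to read actions on the three
# resource providers the procedure names, assignable in one subscription only.
avs_role_json() {
  sub_id="$1"
  cat <<EOF
{
  "Name": "${ROLE_NAME}",
  "IsCustom": true,
  "Description": "Read-only access to AVS resources",
  "Actions": [
    "Microsoft.AVS/*/read",
    "Microsoft.VMware/*/read",
    "microsoft.connectedvmwarevsphere/*/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/${sub_id}"]
}
EOF
}

# Register the app, create and assign the custom role, print the four values.
provision() {
  sub_id="$1"
  tenant_id=$(az account show --subscription "$sub_id" --query tenantId -o tsv) || return 1
  app_id=$(az ad app create --display-name "$APP_NAME" --query appId -o tsv) || return 1
  sp_id=$(az ad sp create --id "$app_id" --query id -o tsv) || return 1
  az role definition create --role-definition "$(avs_role_json "$sub_id")" >/dev/null || return 1
  # Assigning by object ID avoids a directory lookup of the new principal.
  az role assignment create --assignee-object-id "$sp_id" \
    --assignee-principal-type ServicePrincipal --role "$ROLE_NAME" \
    --scope "/subscriptions/${sub_id}" >/dev/null || return 1
  # One-year secret; the value cannot be read back later, so store it in a vault.
  secret=$(az ad app credential reset --id "$app_id" --append --years 1 \
    --query password -o tsv) || return 1
  printf 'subscription=%s\ntenant=%s\nclient=%s\nsecret=%s\n' \
    "$sub_id" "$tenant_id" "$app_id" "$secret"
}

# Run only when asked, e.g.: ./avs-sp.sh --apply <subscription-id>
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then provision "$2"; fi
```

A newly created role definition can take a short time to propagate, so the role assignment may need to be retried if it fails on the first attempt.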