Versions Compared

Old Version 6

changes.mady.by.user Jyothi KP

Saved on

compared with

New Version 7

changes.mady.by.user Jyothi KP

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Before creating a vDiscovery job and performing vDiscovery in Azure, you must integrate the discovery application with Microsoft Entra ID (previously, Azure Active Directory (Azure AD) to provide secure sign in and authorization. To integrate the application with Azure AD, you must first register the application details with Azure AD through the Azure portal.

...

  1. In the Microsoft Azure portal, click All Services.
  2. Search for “Azure Active Directory” “Microsoft Entra ID” and click to open Azure Active Directory Microsoft Entra ID.
  3. Click App Registrations in the left panel.
  4. In the App registrations panel, either select an existing discovery application or click + New registration to add a new application.


  5. If you are adding a new application, enter the following details to define your application in the Register an application wizard, and then click Register to add the application:
    Name: Enter the name of your new application.
    Supported account types: Select the account type.
    Redirect URI: Ensure that you use a unique URL for sign-on purposes.
    Azure notifies you when the application is successfully created.


    Note:
    To obtain token information for the endpoints, click the Endpoints icon next to + New registration in the App registration panel. Azure displays the Endpoints page that contains endpoint information for the discovery application. vDiscovery uses the OAuth 2.0 token endpoint (v1). Copy the link from the table and use it to define the vDiscovery endpoint in NIOS. The token corresponds to the Service Endpoint field in NIOS. For more information, refer to the Infoblox NIOS Documentation.




  6. Select and click the application from the list. The Azure portal displays details about your application, such as Display name, Application ID, Directory ID, and Object ID. Click API permissions in the left panel, and then click + Add a permission in the API Permissions panel.
    Ensure that you copy the Application ID and save this value for future use. This ID is used as the Client ID in your vDiscovery configuration.


  7. In the Request API permissions panel, click APIs my organization uses.

  8. Select Windows Azure Service Management API from the list.


  9. Select Delegated permissions and Access Azure Service Management as organization users (preview) checkbox, and then click Add permission.



  10. In the left panel, click Certificates & secrets, and then click +New client secret:
    Description: Enter a name or description for the generated key.
    Expires: Select expiry time for the generated key.
    Value: The key will be displayed here after you select the expiry time and save the configuration.

    Important    :
    Copy the key in the Value field at the time of creation and save it for your vDiscovery jobs. You will not be able to retrieve the value after you leave the page. The value corresponds to the Client Secret in NIOS when you configure vDiscovery jobs.


  11. Validate all the configuration and information on this page.
    Note that the vDiscovery in Azure is performed on the whole subscription, or resource groups linked to the application.

    • Subscription: All entities within the subscription will be discovered including the VMs, network interfaces, and VNets.
    • Resource group: All entities within the specified resource groups will be discovered including the VMs, network interfaces, and VNets. If the discovery of all entities within a subscription is not desired, additional granularity in vDiscovery can be achieved by individually allotting permissions to a resource group.
  12. Perform the vDiscovery on Subscription or Resource group linked to your Azure application.
    1. To perform vDiscovery for resources on Subscription you need to perform the following:
      1. Navigate to All services -> Subscriptions.


      2. Click on the name for your subscription.


      3. Click Access control (IAM).


      4. Click Add.


    2. To perform vDiscovery for resources on Resource group you need to perform the following:
      1. Navigate to All services -> Resource groups.


      2. Click on the name for your Resource groups.


      3. Click Access control (IAM).


      4. Click Add


  13. Expand the Role drop-down menu and select Reader.
  14. In the Select box, type the name for your registered app, or locate and select it in the Selected members list.
  15. Click Save. You have completed the vDiscovery configuration in Azure.

...