Before creating a vDiscovery job in NIOS and performing vDiscovery in Azure, you must create a discovery application and integrate it with Microsoft Entra ID (formerly Azure Active Directory, or Azure AD) to provide secure sign-in and authorization. To integrate the application, you must first register the application details through Entra ID in the Azure portal.

You can also register a service principal using the Azure CLI or PowerShell. If you choose to use the CLI or PowerShell, refer to the Microsoft documentation for information about the Azure authentication mechanism and how to create a service principal with Azure Resource Manager. If you choose to use the Azure portal to register a service principal, you may still need to use the Azure CLI or PowerShell to customize the access scope for the newly created service principal. The default scope of access is the subscription scope that is associated with the user who creates the service principal.

To create and integrate an application in the Azure portal, complete the following steps:

  1. Sign in to your Microsoft Azure account.

  2. Register an application in the Azure portal:

    1. Click All Services.

    2. Search for and click Microsoft Entra ID to open it, and then click App registrations in the left panel.
      Or,
      Click App registrations.

    3. In the App registrations panel, either select an existing application or click + New registration to add a new application.

    4. If you are adding a new application, enter the following details in the Register an application wizard to define your application:

      1. Name: Enter the name of your new application. The name identifies your application in Azure.

      2. Supported account types: Select the account type as Accounts in this organizational directory only.

      3. Redirect URI: Ensure that you use a unique URL for sign-in purposes.

      4. Click Register to add the application.
        Azure notifies you when the application is successfully created and opens the Overview page of the application. The page displays details such as Display name, Application (client) ID, Directory (tenant) ID, and Object ID.

      5. Copy the values of Application ID and the Directory ID that will be used in NIOS as Client ID and Tenant ID respectively when you define vDiscovery or DNS synchronization configurations.

Note

To obtain token information for the endpoints, click the Endpoints icon next to + New registration in the App registration panel. Azure displays the Endpoints page that contains endpoint information for the discovery application. vDiscovery uses the OAuth 2.0 token endpoint (v1). Copy the link from the table and use it to define the vDiscovery endpoint in NIOS. The token corresponds to the Service Endpoint field in NIOS. For more information, refer to the Infoblox NIOS Documentation.

Note

Ensure that you copy the Application ID and save this value for future use. This ID is used as the Client ID in your vDiscovery configuration.

  3. Assign API permissions to your application to allow it to access the selected API.

    1. Click API permissions in the left panel, and then click + Add a permission in the API Permissions panel.

    2. In the Request API permissions panel, under Microsoft APIs, click to select Azure Service Management as the API.

    3. Select Delegated permissions and the user_impersonation checkbox to permit the application to access the API as a user.

    4. Click Add permissions.

  4. Generate a client secret for your application. The application uses it as credentials to identify itself to the authentication service. Complete the following:

    1. In the left panel, click Certificates & secrets, and then click + New client secret.

    2. In the Add a client secret wizard, complete the following:

      • Description: Enter a name or a description for the generated key.

      • Expires: From the drop-down list, select an expiry for the key.

      Details of the client secret are displayed in the Client secrets section. The generated key is displayed in the Value field. It corresponds to the Client Secret in NIOS when you configure an admin account for your application required for vDiscovery jobs and DNS sync tasks.

    3. Click Add.
      Important:
      Click the Copy to clipboard icon to copy the key in the Value field and save it for future use.
      The key value is displayed only at the time of the creation of the client secret. You will not be able to retrieve the key after you leave the page.

Validate all the configuration and information on this page. 

  5. Link the application to a subscription or a resource group, and then assign a role to control the access.
    You can configure a vDiscovery job or a DNS sync task in NIOS to discover resources and synchronize data from multiple subscriptions linked to the application.
    When you link the application to a subscription, all resources within the subscription will be discovered including the VMs, network interfaces, and virtual networks. If you do not need all entities within a subscription to be discovered, you can configure additional granularity by individually allotting permissions to a resource group. Resources such as VMs, network interfaces, and virtual networks within the specified resource groups will be discovered.

    1. According to the resources that must be discovered, perform one of the following:

      1. Navigate to All services > Subscriptions and click the name of the subscription to link the application.

      2. Navigate to All services > Resource groups and click the name of your resource group to link the application.

    2. In the left panel, click Access control (IAM).

    3. In the Access control (IAM) panel, click + Add > Add role assignment.

    4. In the Add role assignment wizard:

      1. In the Role panel, click Reader to select the row, and then click Next.
        To discover and synchronize ALIAS records, you must assign the Contributor role to your registered application.

      2. In the Members panel, click + Select members.

      3. In the Select members panel, type the name of your registered application in the Select field to find it.

      4. In the results displayed, click the application name.
        The application gets added to the Selected members list.

      5. Click Select.

    5. Click Save.
      You have completed the configuration in Azure.

  6. Repeat Step 5 to associate multiple subscriptions or resource groups with the application.

Note

If the Reader role IAM permission is given just to the VMs instead of a subscription or a resource group, then vDiscovery will not discover any virtual entities.
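The scope rule in the note above, written as an added check that is not part of the Infoblox documentation: it audits the role assignments of the discovery application against the roles and scopes this procedure uses. It assumes input records carrying the `roleDefinitionName` and `scope` fields found in the JSON output of `az role assignment list`; the function names, subscription ID and resource names are constructed for illustration.

```python
import re

SUB = r"/subscriptions/[^/]+"
LEVELS = [
    ("subscription", re.compile(rf"^{SUB}/?$", re.I)),
    ("resource_group", re.compile(rf"^{SUB}/resourceGroups/[^/]+/?$", re.I)),
    ("resource", re.compile(rf"^{SUB}/resourceGroups/[^/]+/providers/.+", re.I)),
]

def scope_level(scope):
    """Classify an Azure RBAC scope string by how deep it reaches."""
    for level, pattern in LEVELS:
        if pattern.match(scope):
            return level
    return "other"

def audit(assignments, needs_alias_sync=False):
    """Return findings for the discovery application's role assignments."""
    wanted = "Contributor" if needs_alias_sync else "Reader"
    findings, usable = [], False
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        level = scope_level(scope)
        if role not in ("Reader", "Contributor"):
            findings.append(f"role {role} is not one this procedure assigns: {scope}")
        elif level == "resource":
            findings.append(f"{role} on a single resource is not enough for discovery: {scope}")
        elif level == "other":
            findings.append(f"scope not recognised, review manually: {scope}")
        elif role == "Contributor" and not needs_alias_sync:
            findings.append(f"Contributor is only needed for ALIAS records: {scope}")
            usable = True
        else:
            usable = usable or role == wanted
    if not usable:
        findings.append(f"no {wanted} assignment at subscription or resource group scope")
    return findings

# Constructed sample, shaped like the JSON from `az role assignment list`.
S = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM_ONLY = [{"roleDefinitionName": "Reader", "scope":
            S + "/resourceGroups/rg-net/providers/Microsoft.Compute/virtualMachines/vm1"}]
RG_READER = [{"roleDefinitionName": "Reader", "scope": S + "/resourceGroups/rg-net"}]

if __name__ == "__main__":
    print(audit(VM_ONLY))
    print(audit(RG_READER))
```
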

To configure vDiscovery jobs in NIOS, you must record the following information from the Azure portal:

  • Token Endpoint: This corresponds to the Service Endpoint field in NIOS. vDiscovery uses the OAUTH 2.0 TOKEN ENDPOINT (v1).
    The endpoint OAUTH 2.0 TOKEN ENDPOINT (v2) is not supported.
    To obtain token information for the endpoints:

    1. In the Azure portal, navigate to All services > App registrations.

    2. In the App registrations panel, click Endpoints.
      The Endpoints page appears showing the endpoint information.

    3. Copy the link from the table and use it to define the vDiscovery endpoint in NIOS. For more information, refer to the Infoblox NIOS Documentation.

  • Application ID: This corresponds to the Client ID when you configure the information of an endpoint in NIOS.

  • Key: Copy the key from the Keys panel and use it in the Client Secret field in NIOS.

    The following describes the corresponding fields for Azure and NIOS when you configure vDiscovery job properties:

    [Figure: vDiscovery Job Properties dialog box in NIOS]

Note

You can specify the same client ID and client secret for a vDiscovery job in which multiple subscriptions are associated with a single application.
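A way to check the recorded values before entering them in NIOS, as an added example that is not part of the Infoblox documentation: it confirms that the Service Endpoint is the v1 token endpoint for the same tenant and catches common copy mistakes. The function name and sample identifiers are constructed, and the Secret ID check assumes the portal lists a GUID-shaped Secret ID beside the Value field.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

def check_vdiscovery_inputs(service_endpoint, client_id, tenant_id, client_secret):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    url = urlparse(service_endpoint)
    parts = [p for p in url.path.split("/") if p]  # v1: [tenant, "oauth2", "token"]
    if url.scheme != "https":
        problems.append("Service Endpoint is not an https URL")
    if "v2.0" in parts:
        problems.append("Service Endpoint is the v2 token endpoint, which is not supported")
    elif len(parts) != 3 or parts[1:] != ["oauth2", "token"]:
        problems.append("Service Endpoint is not an OAuth 2.0 token endpoint (v1)")
    elif parts[0].lower() != tenant_id.lower():
        problems.append("tenant in Service Endpoint differs from Directory (tenant) ID")
    for label, value in (("Client ID", client_id), ("Tenant ID", tenant_id)):
        if not GUID.match(value):
            problems.append(f"{label} is not a GUID")
    if client_id.lower() == tenant_id.lower():
        problems.append("Client ID and Tenant ID are identical; one was copied twice")
    # Assumption: the portal lists a GUID-shaped Secret ID next to the Value field.
    if GUID.match(client_secret):
        problems.append("Client Secret is GUID-shaped; copy the Value field instead")
    return problems

# Constructed sample values, not real identifiers.
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
V1 = f"https://login.microsoftonline.com/{TENANT}/oauth2/token"
V2 = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"

if __name__ == "__main__":
    for endpoint in (V1, V2):
        print(endpoint, check_vdiscovery_inputs(endpoint, CLIENT, TENANT, "constructed-secret-value"))
```
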