Page Comparison

 If you choose to use the Azure portal to register a service principal, you may still need to use the Azure CLI or PowerShell to customize the access scope for the newly created service principal. The default scope of access

is the subscription scope that is associated with the user who creates the service principal.

To create and integrate

an application

in the Azure portal, complete the following steps:

1. Sign in to your Microsoft Azure account.

2. Register an application in the Azure portal:

   1. Click All Services

   2. Search for and click Microsoft Entra ID to open it

1. 1. , and then click App registrations in the left panel.
      Or,
      Click App registrations.

   2. In the App registrations panel, either select an existing

1. 1. application or click + New registration to add a new application.

1. 1. Image Added

   2. If you are adding a new application, enter the following details in the Register an application wizard to define your

1. 1. application:

1. 1. 1. Name: Enter the name of your new application. The name identifies your application in Azure.

1. 1. 1. Supported account types: Select the account type as Accounts in this organizational directory only.

1. 1. 1. Redirect URI: Ensure that you use a unique URL for sign-

1. 1. 1. in purposes.

      2. Click Register to add the application.
         Azure notifies you when the application is successfully created

1. 1. 1. and opens the Overview page of the application. The page displays details such as Display name, Application (client) ID, Directory (tenant) ID, and Object ID.

1. 1. 2. Copy the values of Application ID and

1. 1. 1. the Directory ID that will be used in NIOS as Client ID and Tenant ID respectively when you define vDiscovery or DNS synchronization configurations.

2. Assign API permissions to your application to allow it to access the selected API.

   1. Click API permissions in the left panel, and then click + Add a permission in the API Permissions panel.

1. 1. In the Request API permissions panel, under Microsoft APIs, click

1. 1. to select Azure Service Management as the API

1. 1. .

1. 1. Select Delegated permissions and the 

1. 1. user_impersonation checkbox to permit the application to access the API as a user.
      

      Image Added

   2. Click Add permissions.

2. Generate a client secret for your application. The application uses it as credentials to identify itself to the authentication service. Complete the following:

   1. In the left panel, click Certificates & secrets, and then click + New client secret:

   2. In the Add a client secret wizard, complete the following

1. 1. :

1. 1. • Description: Enter a name or a description for the generated key.

1. 1. • Expires: From the drop-down list, select an expiry for the key.
        Details of the client secret is displayed in the Client secrets section. The generated key is displayed in the Value field. It corresponds to the Client Secret in NIOS when you configure an admin account for your application required for vDiscovery jobs and DNS sync tasks.

   2. Click Add.
      Important:
      Click the Copy to clipboard icon to copy the key in the Value field and save it for

1. 1. future use.
      The key value is displayed only at the time of the creation of the client secret. You will not be able to retrieve the key after you leave the page.

1. Link the application to a subscription or a resource group, and then assign a role to control the access.
   You can configure a vDiscovery job or a DNS sync task in NIOS to discover resources and synchronize data from multiple subscriptions linked to the application.
   

1. When you link the application to a subscription, all resources within the subscription will be discovered including the VMs, network interfaces, and

1. virtual networks. If

1. you do not need all entities within a subscription

1. to be discovered, you can configure additional granularity by individually allotting permissions to a resource group.

1. Resources such as VMs, network interfaces, and virtual networks within the specified resource groups will be discovered.

   1. According to the resources that must be discovered, perform one of the following:

      1. Navigate to All services

1. 1. 1.  > Subscriptions and click the name of

1. 1. 1. the subscription to

1. 1. 1. link the application.

      2. Navigate to All services

1. 1. 1.  > Resource groups

1. 1. 1.  and click the name of your resource group to

1. 1. 1. link the application.

   2. In the left panel, click Access control (IAM).

1. 1. In the Access control (IAM) panel, click + Add > Add role assignment.

   2. In the Add role assignment wizard:

      1. In the Role panel,

1. 1. 1. click Reader to select the row, and then click Next.
         To discover and synchronize ALIAS records, you must assign the Contributor role to your registered application.

      2. In the Members panel, click + Select members.

      3. In the Select

1. 1. 1. members panel, type the name of your registered

1. 1. 1. application in the Select field to find it.

      2. In the results displayed, click the application name.
         The application gets added to the Selected members list.

      3. Click Select.

   2. Click Save.
      You have completed the

1. 1. configuration in Azure.

2. Repeat Step 5 to associate multiple subscriptions or resources groups with the application.