
Before creating a vDiscovery job and performing vDiscovery in Azure, you must integrate the discovery application with Microsoft Entra ID (previously, Azure Active Directory) to provide secure sign-in and authorization. To integrate the application with Azure AD, you must first register the application details with Azure AD through the Azure portal.

You can also register a service principal using the Azure CLI or PowerShell. If you choose to use the CLI or PowerShell, refer to the Microsoft documentation for information about the Azure authentication mechanism and how to create a service principal with Azure Resource Manager.

If you choose to use the Azure portal to register a service principal, you may still need to use the Azure CLI or PowerShell to customize the access scope for the newly created service principal. The default access scope is the subscription scope that is associated with the user who creates the service principal.

To create and integrate a vDiscovery application through the Azure portal:

  1. In the Microsoft Azure portal, click All Services.
  2. Search for “Microsoft Entra ID” and click Microsoft Entra ID to open it.
  3. Click App Registrations in the left panel.
  4. In the App registrations panel, either select an existing discovery application or click + New registration to add a new application.


  5. If you are adding a new application, enter the following details in the Register an application wizard to define your application, and then click Register to add the application:
    • Name: Enter the name of your new application.
    • Supported account types: Select the account type.
    • Redirect URI: Ensure that you use a unique URL for sign-on purposes.
    Azure notifies you when the application is successfully created.


    Note:
    To obtain token information for the endpoints, click the Endpoints icon next to + New registration in the App registrations panel. Azure displays the Endpoints page, which contains endpoint information for the discovery application. vDiscovery uses the OAuth 2.0 token endpoint (v1). Copy the link from the table and use it to define the vDiscovery endpoint in NIOS; this token endpoint corresponds to the Service Endpoint field in NIOS. For more information, refer to the Infoblox NIOS Documentation.




  6. Click the application to display its details.
    The Overview page displays details about your application, such as Display name, Application ID, Directory ID, and Object ID. Copy the Application ID and save it for future use. This ID is used as the Client ID in your vDiscovery configuration.


  7. Click API permissions in the left panel, and then click + Add a permission in the API Permissions panel.


  8. In the Request API permissions panel, click APIs my organization uses.

  9. Select Windows Azure Service Management API from the list.


  10. Select Delegated permissions and the Access Azure Service Management as organization users (preview) checkbox, and then click Add permissions.



  11. In the left panel, click Certificates & secrets, and then click + New client secret:
    In the Add a client secret wizard, complete the following and click Add:
    • Description: Enter a name or description for the generated key.
    • Expires: From the drop-down list, select an expiry for the key.
    Details of the client secret are displayed in the Client secrets section. The generated key is displayed in the Value field. It corresponds to the Client Secret in NIOS when you configure vDiscovery jobs.

    Important:
    Click the Copy to clipboard icon to copy the key in the Value field and save it for your vDiscovery jobs.
    The key value is displayed only at the time of the creation of the client secret. You will not be able to retrieve the key after you leave the page.

  12. Validate all the configuration and information on this page.
    Note that vDiscovery in Azure is performed on the whole subscription or on the resource groups linked to the application.

    • Subscription: All entities within the subscription will be discovered including the VMs, network interfaces, and VNets.
    • Resource group: All entities within the specified resource groups will be discovered including the VMs, network interfaces, and VNets. If the discovery of all entities within a subscription is not desired, additional granularity in vDiscovery can be achieved by individually allotting permissions to a resource group.
  13. Grant the application access to the subscription or resource group on which vDiscovery will run.
    1. To perform vDiscovery for resources in a subscription, complete the following:
      1. Navigate to All services -> Subscriptions.
      2. Click the name of your subscription to display its details.

      3. In the left panel, click Access control (IAM).


      4. Click Add > Add role assignment.

    2. To perform vDiscovery for resources in a resource group, complete the following:
      1. Navigate to All services -> Resource groups.

      2. On the Resource groups page, click the name of your resource group to display its details.

      3. In the left panel, click Access control (IAM).


      4. Click Add > Add role assignment.

  14. In the Add role assignment wizard, select Reader in the Role drop-down list.
  15. In the Select box, type the name of your registered app, or locate and select it in the Selected members list.
  16. Click Save. You have completed the vDiscovery configuration in Azure.

Note

If the Reader role is assigned only to individual VMs rather than to a subscription or a resource group in Azure, vDiscovery does not discover any virtual entities.


To configure vDiscovery jobs in NIOS, you must record the following information from the Azure portal:

  • Token Endpoint: This corresponds to the Service Endpoint field in NIOS. vDiscovery uses the OAuth 2.0 token endpoint (v1); the OAuth 2.0 token endpoint (v2) is not supported. You can copy this from the Endpoints panel.
  • Application ID: This corresponds to the Client ID when you configure the information of an endpoint in NIOS.
  • Key: Copy the key (the client secret value) from the Keys panel and use it for the Client Secret field in NIOS.

    The following describes the corresponding fields for Azure and NIOS when you configure vDiscovery job properties:

Note

You can specify the same client ID and client secret for a vDiscovery job in which multiple subscriptions are associated with a single application.
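As an added example (not Infoblox or Microsoft code), the registration and Reader role assignment above done with the Azure CLI, together with two checks for the caveats on this page: the Service Endpoint must be the OAuth 2.0 token endpoint (v1), and the Reader role must be scoped to a subscription or a resource group, never to an individual VM. Assumed: the az CLI is installed and signed in, the az commands run only when RUN_AZ=1 is set, the API permission from step 10 is still added in the portal, and all names and IDs are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example, not Infoblox or Microsoft code. Assumes the az CLI is installed and
# signed in; the az commands run only when RUN_AZ=1 is set. Names are constructed.
set -eu

# vDiscovery accepts only the OAuth 2.0 token endpoint (v1); the v2.0 form is rejected.
nios_endpoint_ok() {
  case "$1" in
    *"/oauth2/v2.0/"*) return 1 ;;
    https://login.microsoftonline.com/*/oauth2/token) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the IAM scope for the Reader assignment: a subscription, or one resource group.
reader_scope() {  # usage: reader_scope SUBSCRIPTION_ID [RESOURCE_GROUP]
  if [ -n "${2:-}" ]; then
    printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
  else
    printf '/subscriptions/%s\n' "$1"
  fi
}

# Reader granted below resource-group level (for example on a single VM) yields no
# discovered entities, so refuse any scope that is not a subscription or resource group.
scope_is_discoverable() {
  case "$1" in
    /subscriptions/*/resourceGroups/*/*) return 1 ;;  # individual resource, e.g. a VM
    /subscriptions/*/resourceGroups/*)   return 0 ;;
    /subscriptions/*/*)                  return 1 ;;  # other nested scope
    /subscriptions/*)                    return 0 ;;
    *)                                   return 1 ;;
  esac
}

if [ "${RUN_AZ:-0}" = 1 ]; then
  SUB_ID="$(az account show --query id -o tsv)"
  TENANT_ID="$(az account show --query tenantId -o tsv)"
  APP_ID="$(az ad app create --display-name "vdiscovery-example" --query appId -o tsv)"
  az ad sp create --id "$APP_ID" >/dev/null
  # Client secret: shown once, like the portal's Value field; keep it in a secret store.
  CLIENT_SECRET="$(az ad app credential reset --id "$APP_ID" --years 1 --query password -o tsv)"
  SCOPE="$(reader_scope "$SUB_ID" "${RG:-}")"   # set RG to limit discovery to one group
  scope_is_discoverable "$SCOPE"
  az role assignment create --assignee "$APP_ID" --role Reader --scope "$SCOPE" >/dev/null
  ENDPOINT="https://login.microsoftonline.com/$TENANT_ID/oauth2/token"   # v1 endpoint
  nios_endpoint_ok "$ENDPOINT"
  printf 'Service Endpoint: %s\nClient ID: %s\nClient Secret: (%d chars, not printed)\n' \
    "$ENDPOINT" "$APP_ID" "${#CLIENT_SECRET}"
fi
```

If the role assignment fails immediately after the service principal is created, wait a minute and rerun that command; directory replication can lag behind the app registration.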
