Virtana recommends using the Azure CLI for the best integration experience.
1. Create an Active Directory Application in Azure
- In a separate tab, open the Azure portal and select Azure Active Directory from the left or top menu.
- Select App registrations from the Manage options.
- Select + New Registration at the top.
- Provide a name for the application (e.g.,
- Select Accounts in this organizational directory only (Default Directory only - Single tenant) for Supported Account Types.
- Find the Redirect URI (optional) section. Select Web and input
- Select Register at the bottom of the window.
2. Get the Application ID, Application Key, & Tenant ID from Azure
Once you have completed part 2, you are redirected to the
CloudWisdom-Integration’s overview page.
- Copy the Application (client) ID and paste the ID into the Client ID field in CloudWisdom. Then Copy the Directory (tenant) ID and paste it into the Tenant ID field.
- Select Certificates & secrets.
- Select + New client secret
- Provide a description and select an Expiration for the key.
- Select Add. The Secret is now listed in the Client secrets section.
- Copy the secret’s Value and return to the tab with CloudWisdom open. Paste it into the Access Key field. Once it’s pasted, return to the Azure tab.
- Note: the access key is only shown in the Azure portal for a few minutes.
3. Set Delegated Permissions in Azure
- In Azure, navigate to the API Permissions section of your
- Select + Add a permission. A side panel appears.
- Select the Azure Service Management card.
- Select Delegated Permissions.
- Note: Granting delegated permissions authorizes the registered application (CloudWisdom) to make requests to the Azure API only. Details of what data can be read is configured in the next step.
- Enable the user_impersonation permission.
- Select Add permissions.
4. Collect Subscription ID and Set Role
To assign a role to the application, you’ll need the Owner or User Access Administrator role in Azure (the Contributor role will not work) or a custom role that grants write access for
- Navigate to Home > Subscriptions in Azure.
Select the Subscription Name your new app belongs to.
While here, ensure the microsoft.insights resource provider is registered as it’s needed to gather performance metrics for your Azure objects.
Copy the Subscription ID and return to the tab with CloudWisdom open. Paste it into the appropriate field. Once it’s pasted, return to the Azure tab.
Navigate to this subscription’s Access Control (IAM) tab.
Select Add > Add role assignment. A side panel appears.
Complete the following fields:
- Role: Reader
- Assign access to: Azure AD user, group, or service principal
- Select: Enter the name of the app you created in section 2 and select the app.
- Note: You can verify the permissions by selecting Role Assignments and searching for the CloudWisdom application.
Return to CloudWisdom, verify each field has been filled in accurately, and then click the Save button.
Follow the instructions on Guest OS Diagnostic Metrics to enable guest OS diagnostic metrics on your VMs. These metrics are required for CloudWisdom’s Azure cost reports.