Enabling Azure BYOA
CloudShare supports Bring Your Own Account (BYOA) capabilities when using the Microsoft Azure public cloud infrastructure as an external cloud resource.
Using your own account to orchestrate Azure environments in CloudShare can save you time, since it eliminates the need to duplicate them or move them out of Azure.
Settings Needed by CloudShare Support
The following Azure account settings are needed by CloudShare to provide the authorization to enable BYOA.
-
Client ID: [
Azure Application (client) ID
] -
Tenant ID: [
Directory (tenant) ID
] -
Subscription ID: [
Subscription ID
] -
Client Secret: [
New Client Secret
] - Domain Name: [
Domain Name
]
Copy the list above and paste it into a blank email as your template. Then follow the procedure detailed below to specify all required settings from your Azure application pages. When it is ready, send this email to CloudShare Support.
Getting the Required Settings from Azure
Perform the following detailed steps to get the settings that are needed by CloudShare. (For general instructions on creating a new app registration in Azure, click here.)
-
Create a new App registration
-
Create a new subscription
-
Create the BYOA credentials
-
Assign an Admin role to the new App
-
Send the collected settings to CloudShare
-
From the Azure App registrations page, click New registration.
The Register an application page is displayed.
-
In the Name field, enter a name for the application.
-
From the Who can use this application or access this API? list, select the Accounts in this organizational directory only (… Single tenant) radio button.
-
Leave the Redirect URI (optional) section empty.
-
Click Register. The App registration Overview page will be displayed.
-
-
From the Overview page that is displayed:
-
Copy the value for Application (client) ID and paste it next to the Client ID field in the email described in the previous section.
-
Copy the value for Directory (tenant) ID and paste it next to the Tenant ID field in your email.
-
Copy the value for Display name. You will use this in the next step.
-
-
From the Subscriptions page, create a new blank subscription. (Doing this will avoid software errors that might exist in an existing subscription.)
Navigate to Access control (IAM) and click Add > Add role assignment.
Click the Owner role, then:
-
Click Next.
-
Click +Select members.
-
Paste the value for Display name that you copied in the previous step.
-
From the list that appears, select your new app.
-
Click Next.
-
Click Review + assign. The assignment will be performed and a notification will appear upon completion (typically within 10 seconds).
-
From the Role assignments tab, verify that your new app is registered in the grid as follows:
Type=”App” Role=”Owner” Scope=”This resource” Condition=”None” -
From the Overview page of the new subscription, copy the value for Subscription ID and paste it into the Subscription Id field in your email template.
-
-
Return to the App Registrations list and create your credentials:
-
Select your newly registered app (See Step 1).
-
Navigate to Certificates and Secrets.
-
From the Client secrets tab, click New client secret.
-
In the Description field, enter the text “Cloudshare BYOA Auth Key”.
-
In the Expires field, set the period you want to be able to use Cloudshare’s BYOA services.
Note
Each time this period expires, the subscription will be disconnected from CloudShare services and you will need to create and use a new Client Secret.
-
Click Add. A new Client Secret key will be added.
-
Copy the text from the Value column. This value is displayed only once. Do not navigate to another page before copying it. (If you did not copy it, delete the current Client Secret key and add a new key, as described in the steps above.)
-
Paste the Client Secret value next to the Client Secret field in your email template.
-
-
From the Azure Active Directory page, add an Admin Role for your app:
-
Open Roles and Administrators. The current list of Roles is displayed.
-
Locate and open User Administrator.
-
Click Add assignments. The Add assignments dialog appears.
-
Select or enter the name of the application you registered in Step 1.
-
Click Add. The assignment will be created.
-
Wait 1 minute, then verify that the Role was assigned to the relevant registered application.
-
- Go to the Azure Active Directory page.
Navigate to Custom Domain Names.
- Add a custom domain name.
- Insert your domain name.
- Create a TXT record in your DNS provider with the value that Azure provides.
-
Send the completed email (with all five fields filled in) to CloudShare Support for further action.
Comments
0 comments
Article is closed for comments.