Onboard Your Microsoft Azure Cloud Account

After signing up with Aviatrix Cloud Network Security Platform-as-a-Service (Aviatrix PaaS), you need to connect your cloud accounts with the Aviatrix Platform. When your cloud account is onb onboarded, the Aviatrix Platform can discover, monitor, and manage the assets im your Azure network.

The account onboarding process requires you to copy some information from your Azure account to the Aviatrix Platform.

Prerequisite

Have the following information available for an Azure application:

  • Subscription ID

  • Directory ID

  • Application ID

  • Client Secret

If you are uncertain how to collect this information, see Gather Information for Azure Onboarding.

Perform the following steps to onboard Azure.

  1. In Aviatrix Cloud, go to Cloud Resources > Cloud Accounts and click +Cloud Account.

  2. Enter an Account Name and click Azure.

  3. Enter the following required IDs from your Azure account.

    If you are uncertain how to collect this information, see Gather Information for Azure Onboarding.

    • Subscription ID

    • Directory ID

    • Application ID

    • Client Secret

  4. Click Next.

    You will see a Discovering Cloud Resources message that changes to a success message after resources are discovered.

  5. Click Close.

  6. Verify that the new cloud account displays in the list on Cloud Accounts > Overview.

Next Step: Onboard Your VPCs or VNets

Gather Information for Azure Onboarding

You need to collect several IDs from your Azure account and enter them in Aviatrix Platform to onboard your cloud account.

If you have an existing application in Azure that you want to connect with, follow the instructions in Use IDs from an Existing Application in Azure.

If you are creating a new application in Azure to connect with, follow the instructions in Register a New Application in Azure.

From Azure, you can gather the following IDs that you must enter in the Aviatrix Onboard Cloud Account window:

  • Subscription ID

  • Application ID

  • Directory ID

  • Client Secret

Use IDs from an Existing Application in Azure

  1. Log into the Azure portal and search for "Subscriptions."

  2. Copy the Subscription ID to a text file.

    screenshot of Subscriptions page in Azure

  3. Search for “Entra," and click on "Microsoft Entra ID."

  4. Under Manage in the left navigation, click App registrations.

  5. Click the name of an existing registration and copy the Application ID and Directory ID into the text file with the Subscription ID.

Register a New Application in Azure

You can create a new application registration in Azure for Aviatrix PaaS and gather the required onboarding information. To do so, you must perform the following tasks in the specified order:

Register Your Aviatrix Application

Register Aviatrix PaaS as a new application in Azure.

  1. Log into the Azure portal and go to All services.

  2. Search for “Entra ID" and click on "Microsoft Entra ID."

  3. Click App registrations on the left, and then click + New registration.

  1. Enter a clear and memorable name for your Aviatrix application, select Accounts in this organizational directory only, and then click Register.

    The page displays details of your Aviatrix application registration.

  2. Copy the Application ID and Directory ID into a text file and save the file.

    You will use these ID values later to onboard your Azure account in Aviatrix PaaS.

Assign a Role to the Aviatrix Application

After registering Aviatrix PaaS as an application, assign this application a role to set up the connection between your Azure account and your Aviatrix PaaS account.

Assign a Role Using Azure PowerShell

You can set up the Contributor role by running the following Azure CLI commands from your computer prompt with Azure CLI installed, or from Azure Cloud Shell.

az ad sp create-for-rbac --name "name you want to use here" --role="Contributor" --scopes=/subscriptions/xxxx-xx-xxxx-xxxx (replace Xs with subscription id)
az ad sp list --show-mine  --output table

Assign a Role from the Azure Portal

  1. Log in to the Azure portal and search for "Subscriptions."

  2. Copy the Subscription ID to the text file where you saved the Application ID and Directory ID.

    screenshot of Subscriptions page in Azure

  1. Click the Subscription ID to open more details.

  2. On the Subscriptions page, select Access control (IAM) on the left.

  3. On the Access control (IAM) page, click + Add > Add role assignment.

    Alternatively, you can click Add role assignment, under Grant access to this resource.

  4. On the Role tab, select Privileged administrator roles.

  5. Select the Contributor role for this application.

  6. On the Members tab, click Select members.

  7. In the Select search field, enter the name of your Aviatrix application that you previously registered.

  8. Select your Aviatrix application and click Select.

    screenshot of add role assignment page in azure

  9. On the Add role assignment page, click Review + assign.

Your Aviatrix application is now assigned a Contributor role for this Azure subscription.

Create a Secret Identifier

After registering Aviatrix PaaS as an application and assigning it the Contributor role, create a Secret identifier. Microsoft Entra ID uses this Secret identifier to authenticate the Aviatrix PaaS application.

When you onboard your Azure account in Aviatrix PaaS console, you must enter this Secret Identifier value in the Onboard Cloud Account window.

  1. Navigate to All services > Microsoft Entra ID > App registrations and click the application name.

  2. Under Essentials, click Add a certificate or secret.

  3. On the Client secrets tab, click +New client secret.

  4. On Add a client secret, enter:

    • Description: Aviatrix

    • Expires: Set the time period to meet your corporate requirements.

      Make a note of the expiration date and use an alerting system to send a reminder before the client secret expires. Azure does not send an alert prior to invalidating the client secret. If the client secret expires, you can have issues with your Aviatrix PaaS connection.

  5. Click Add.

  6. On Certificates & secrets > Client secrets, copy and save the Value.

    This is the Client Secret you must enter in Aviatrix Onboard Cloud Account window.

    This is the only opportunity to save this Value. You cannot view it again after you leave the Certificates & secrets window. It is not stored in Azure or in Aviatrix Platform.