Gather Information for Azure Onboarding

You need to collect the following IDs associated with the Azure application you will use to connect with Aviatrix PaaS. You enter these values in the Aviatrix Platform console when onboarding your cloud account.

  • Subscription ID

  • Application ID

  • Directory ID

  • Client Secret

You can create a new application in Azure or use an existing application for Aviatrix PaaS.

Create a New Application in Azure

You can create a new application registration in Azure for Aviatrix PaaS and gather the required onboarding information. To do so, you must perform the following tasks in the specified order:

  1. Register the application

    Collect the Application (client) ID and Directory (tenant) ID

  2. Assign a role to the application

    Collect the Subscription ID and assign the Contributor role.

  3. Create a secret identifier for the application

    Create the secret and collect the Client Secret Value.

Register Your Aviatrix Application

Register Aviatrix PaaS as a new application in Azure.

  1. In the Azure portal, search for and select App registrations.

  2. Click + New registration and enter a clear and memorable name for your Aviatrix application.

  3. Select Accounts in this organizational directory only, and then click Register.

    The page displays details of your Aviatrix application registration.

  4. Copy the Application (client) ID and Directory (tenant) ID of the new application into a text file and save the file.

    You will use these ID values later to onboard your Azure account in Aviatrix PaaS.

Assign a Role to the Aviatrix Application

After registering Aviatrix PaaS as an application, assign this application a role to set up the connection between your Azure account and your Aviatrix PaaS account.

  1. In the Azure portal, search for and select "Subscriptions."

  2. Identify the subscription you want to use and click the Subscription Name to open more details.

  3. Copy the Subscription ID to the text file where you saved the Application ID and Directory ID.

  4. Select Access control (IAM) in the left navigation.

  5. On the Access control (IAM) page, click + Add > Add role assignment.

    Alternatively, you can click Add role assignment, under Grant access to this resource.

  6. On the Role tab, select Privileged administrator roles.

  7. Search for and select the Contributor role for this application.

  8. On the Members tab, select Assign access to: User, group, or service principal.

  9. Click Select members.

  10. Locate the name of the Aviatrix application that you previously registered.

  11. Select your Aviatrix application and click Select.

  12. On the Add role assignment page, click Review + assign at the bottom of the page.

    You might need to click Review + assign twice.

Your Aviatrix application is now assigned a Contributor role for this Azure subscription.

Create a Secret Identifier

After registering Aviatrix PaaS as an application and assigning it the Contributor role, create a Secret identifier. Microsoft Entra ID uses this Secret identifier to authenticate the Aviatrix PaaS application.

When you onboard your Azure account in the Aviatrix PaaS console, you must enter this Secret Identifier value in the Onboard Cloud Account window.

  1. Navigate to App registrations and click the name of the application you are using.

  2. Under Essentials, click Add a certificate or secret.

  3. On the Client secrets tab, click + New client secret.

  4. On Add a client secret, enter:

    • Description: Aviatrix

    • Expires: Set the time period to meet your corporate requirements.

      Make a note of the expiration date and use an alerting system to send a reminder before the client secret expires. Azure does not send an alert prior to invalidating the client secret. If the client secret expires, you can have issues with your Aviatrix PaaS connection.

  5. Click Add.

  6. In the table on Certificates & secrets > Client secrets, copy and save the Value for the secret you created.

    This is the Client Secret you must enter in the Aviatrix Onboard Cloud Account page.

    This is the only opportunity to save this Value. You cannot view it again after you leave the Certificates & secrets window. It is not stored in Azure or in Aviatrix Platform.
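Because Azure does not alert before a client secret expires, the reminder has to come from your own tooling. The following is an added example, not part of the Aviatrix documentation: it classifies an application's client secrets by time left before expiry. It assumes input shaped like the JSON printed by `az ad app credential list --id <application-id>` with `displayName`, `keyId` and `endDateTime` fields; the sample data, the 30-day window and all function names are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape `az ad app credential list --id <app-id>` prints.
# Assumed fields: displayName, keyId, endDateTime. All values are made up.
SAMPLE_CREDENTIALS = """
[
  {"displayName": "Aviatrix", "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2025-03-01T00:00:00Z"},
  {"displayName": "Aviatrix-old", "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2024-12-15T08:30:00.1234567Z"},
  {"displayName": "Aviatrix-next", "keyId": "00000000-0000-0000-0000-000000000003",
   "endDateTime": "2026-01-10T00:00:00+00:00"}
]
"""

def parse_end(value):
    """Parse an ISO 8601 timestamp; drop fractional seconds, treat 'Z'/naive as UTC."""
    cleaned = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    parsed = datetime.fromisoformat(cleaned)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def classify_secrets(credentials_json, now, warn_days=30):
    """Return (name, status, whole days left) per secret, soonest expiry first."""
    findings = []
    for cred in json.loads(credentials_json):
        remaining = parse_end(cred["endDateTime"]) - now
        if remaining <= timedelta(0):
            status = "EXPIRED"
        elif remaining <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        name = cred.get("displayName") or cred["keyId"]
        findings.append((name, status, remaining.days))
    return sorted(findings, key=lambda item: item[2])

def needs_attention(findings):
    """True when any secret is expired or inside the warning window."""
    return any(status != "OK" for _, status, _ in findings)

if __name__ == "__main__":
    now = datetime(2025, 2, 10, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    results = classify_secrets(SAMPLE_CREDENTIALS, now)
    for name, status, days in results:
        print(f"{status:9} {name:14} {days:4d} days")
    raise SystemExit(1 if needs_attention(results) else 0)
```

Run on a schedule against the live command output with the current UTC time, the non-zero exit status can drive whatever alerting system you already use.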

Use IDs from an Existing Application in Azure

If you already have an application in Azure that you want to associate with your Aviatrix PaaS account, perform the following steps to collect the necessary information.

  1. Log in to the Azure portal and search for "Subscriptions."

  2. Copy the Subscription ID to a text file.

  3. Search for and select App registrations.

  4. Click the name of an existing registration and copy the Application ID and Directory ID into the text file with the Subscription ID.

  5. If you have a Client Secret (part of the Azure Secret Identifier), add it to the list of saved IDs.

    If you need to create a Client Secret, see Create a Secret Identifier.