Cloud administrators can delegate authorization to apps
When cloud administrators need an app to manage some of their cloud resources, there is no need for the administrators to give their credentials to the app, instead, Azure brings the option to create an authorization for the app to use.
Then the administrators can assign permissions to the authorization so the app will have access only to the resources specified by the administrators and not all of their permissions.
The app will need a way to identify where the authorization resides and for that it needs the directory id.
It is also known as tenant id and can be found on Azure portal under Active Directory properties.
Application id and Key value
The app will also need credentials to authenticate with the cloud provider.
Click here to learn how to create these on Azure portal. For the name of the app and for the sign-on URL you can use the following:
If you do not assign permissions to the newly created app on the portal it will be useless.
In the case of managing a virtual machine, you need to find the virtual machine Access Control (IAM) and add the newly created app with a role. The role "DevTest Labs User" will be just enough to start and/or deallocate the VM.