My cloud toolbox


Cloud administrators can delegate authorization to apps

When cloud administrators need an app to manage some of their cloud resources, they do not need to give their credentials to the app. Instead, Azure offers the option to create an authorization for the app to use.

The administrators can then assign permissions to that authorization, so the app has access only to the resources they specify and not to everything their own permissions cover.

Directory id

The app will need a way to identify where the authorization resides, and for that it needs the directory id.

It is also known as the tenant id and can be found in the Azure portal under Active Directory properties.

Application id and Key value

The app will also need credentials to authenticate with the cloud provider.

Like a username, the app needs an application id that you can get when you register the application using the Azure portal.

For the name of the app and for the sign-on URL you can use the following:

MyCloudToolbox
https://app.mycloudtoolbox.com

For the password, the app needs a client secret of the app registration.

Assign permissions

If you do not assign permissions to the newly created app in the portal, it will be useless.

In the case of managing a virtual machine, you need to find the virtual machine's Access Control (IAM) and add the newly created app with a role. The role "DevTest Labs User" will be just enough to start and/or deallocate the VM. You can do this by following these instructions to add a role assignment to a resource like a virtual machine.
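
To confirm afterwards that the app received no more than the assignment described above, you can audit its role assignments. The following is an added example, not code from this page or from the app: it assumes the assignments were exported as JSON with `az role assignment list --assignee <application-id> --all`, and the subscription id, resource group, VM name and the `scope_level` and `audit` helpers are hypothetical.

```python
import json
import re

# Constructed sample shaped like `az role assignment list` JSON output.
# Subscription id, resource group and VM names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM = SUB + "/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-demo"
SAMPLE = json.dumps([
    {"roleDefinitionName": "DevTest Labs User", "scope": VM},
    {"roleDefinitionName": "Contributor", "scope": SUB},
    {"roleDefinitionName": "Virtual Machine Contributor", "scope": VM},
    {"roleDefinitionName": "DevTest Labs User", "scope": SUB + "/resourceGroups/rg-demo"},
])

ALLOWED_ROLES = {"DevTest Labs User"}  # the role this page recommends
VM_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.Compute/virtualMachines/[^/]+$",
    re.IGNORECASE)

def scope_level(scope):
    """Classify how wide an Azure RBAC scope string is."""
    if VM_SCOPE.match(scope):
        return "virtual machine"
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root"
    if parts[0] == "providers":
        return "management group"
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4:
        return "resource group"
    return "other resource"

def audit(assignments_json):
    """Return (role, level, reason) for every assignment that is too broad."""
    findings = []
    for a in json.loads(assignments_json):
        role, level = a["roleDefinitionName"], scope_level(a["scope"])
        if level != "virtual machine":
            findings.append((role, level, "not scoped to a single VM"))
        elif role not in ALLOWED_ROLES:
            findings.append((role, level, "role is not on the allow list"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means every assignment is the recommended role on a single virtual machine; anything listed should be removed or narrowed in Access Control (IAM).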