Create Service Principal from Azure Portal

A service principal can be created in the Azure portal using the steps below.

Steps:

  1. Log in to the Azure portal using the Azure Stack service admin credentials.

  2. Click on Manage Azure Active Directory.

  3. Click on App registrations from the left pane and click on New registration.

  4. Enter a Name such as ‘Cloud Assert VConnect SPN Stamp4’ and select ‘Accounts in this organizational directory only’ under Supported account types.

  5. Click Register; you will land on the application overview page.

  6. Click Add an Application ID URI and frame the Application ID URI as shown below:

https://vconnect.{DirectoryTenantName}/azs/multi-stamp-manager/{Guid}

Example: https://vconnect.cloudassertrp.onmicrosoft.com/azs/multi-stamp-manager/a694402b-7fdc-4d89-bc15-06c6e380adf0

  • Replace {DirectoryTenantName} and {Guid}.

  • The GUID can be obtained by running the PowerShell commands below:

    # Replace the placeholder with your value.
    $resourceManagerUri = "<Replace Here>"
    # Start from a newly generated GUID.
    $applicationGuid = ([System.Guid]::NewGuid()).Guid
    # If the URI value exposes exactly two segments, try to parse the first one as a GUID;
    # if parsing fails, the newly generated GUID is kept.
    if ($resourceManagerUri -and $resourceManagerUri.Segments.Count -eq 2) {
        try {
            $applicationGuid = [System.Guid]::Parse($resourceManagerUri.Segments[0].ToString())
        } catch {}
    }
    Write-Output $applicationGuid

  7. Click Set.

  8. Enter the URI framed in Step 6 and click Save.

  9. Find the Application Id of the application named ‘Azure Stack - Administration’, which is created during the Azure Stack Hub stamp deployment.

  10. Ensure the Home page URL in the Branding & properties section and the new Azure Stack Hub stamp ARM endpoint URL are the same.

  11. Note down the Application Id of the application ‘Azure Stack - Administration’.

  12. Go to the application ‘Cloud Assert VConnect SPN Stamp 4’ created in Step 4.

  13. Click 'API permissions' in the left pane.

  14. Click Add a permission.

  15. Click APIs my organization uses and search for the Application Id of the application ‘Azure Stack - Administration’ noted down in Step 10.

  16. Click the application that matches the Application Id, check the permission as seen below, and click the 'Add permissions' button.

  17. Click 'Certificates & secrets' in the left pane.

  18. Click the New client secret button. Provide a description and select the expiry as 24 months or more than 24 months.

  19. Copy the app secret text to a notepad, since it will be hidden once the page is refreshed.

  20. Log in to the Azure Stack admin portal with the service admin credentials.

  21. Navigate to Subscriptions and click the 'Default Provider Subscription'.

  22. Click Access control (IAM).

  23. Click the Add button and select Add role assignment.

  24. Select Contributor as the Role.

  25. In the Select field, search for the SPN “Cloud Assert VConnect SPN Stamp4” using the app ID obtained in Step 5.

  26. Click the application and click the Save button.

  27. Proceed to create a connection to the new stamp.
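
The Application ID URI format from Step 6 can be built and checked in PowerShell before it is pasted into the portal. This is an added example, not Cloud Assert's own script; the function names New-VConnectAppIdUri and Test-VConnectAppIdUri and the contoso.onmicrosoft.com tenant are assumptions.

```powershell
# Added example; function names and sample values are hypothetical.
function New-VConnectAppIdUri {
    param(
        [Parameter(Mandatory)] [string] $DirectoryTenantName,
        [string] $ExistingUri   # optional: reuse the GUID of a URI set earlier
    )
    # The tenant name must be a bare DNS name (no scheme, path, or spaces).
    $label = '[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    if ($DirectoryTenantName -notmatch ('^{0}(\.{0})+$' -f $label)) {
        throw "Invalid directory tenant name: '$DirectoryTenantName'"
    }
    $guid = [System.Guid]::NewGuid()
    $parsed = $null
    if ($ExistingUri -and
        [System.Uri]::TryCreate($ExistingUri, [System.UriKind]::Absolute, [ref] $parsed)) {
        # Reuse the GUID only if the last path segment really is one.
        $candidate = [System.Guid]::Empty
        if ([System.Guid]::TryParse($parsed.Segments[-1].Trim('/'), [ref] $candidate)) {
            $guid = $candidate
        }
    }
    "https://vconnect.$DirectoryTenantName/azs/multi-stamp-manager/$guid"
}

function Test-VConnectAppIdUri {
    param([Parameter(Mandatory)] [string] $Uri)
    $u = $null
    if (-not [System.Uri]::TryCreate($Uri, [System.UriKind]::Absolute, [ref] $u)) {
        return $false
    }
    # Expected segments: '/', 'azs/', 'multi-stamp-manager/', '{Guid}'
    $g = [System.Guid]::Empty
    return ($u.Scheme -eq 'https') -and
           $u.Host.StartsWith('vconnect.') -and
           ($u.Segments.Count -eq 4) -and
           ($u.AbsolutePath -like '/azs/multi-stamp-manager/*') -and
           [System.Guid]::TryParse($u.Segments[3].Trim('/'), [ref] $g)
}

# Constructed sample values.
$uri = New-VConnectAppIdUri -DirectoryTenantName 'contoso.onmicrosoft.com'
Write-Output $uri
Test-VConnectAppIdUri -Uri $uri
# A stray space inside the GUID (easy to pick up when copying) fails the check.
Test-VConnectAppIdUri -Uri 'https://vconnect.contoso.onmicrosoft.com/azs/multi-stamp-manager/a694402b-7fdc- 4d89'
```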
