Configure an Azure AD Stamp

HOST VM OF THE STAMP TO BE CONFIGURED

On AzS Development Kits, sign in to the physical host.

On multi-node integrated systems, the host must be a system that can access admin end point.

  1. Place the RegisterVConnectAdminApp.ps1 file in a temp folder. [This file can be found in the install folder of Host VM where VConnect RP was installed: c:\CloudAssert\VConnectMSM\AppRegistration\]

  2. Open a new elevated (administrative) PowerShell console and change to the above directory. Use a new window to avoid problems that might arise from incorrect PowerShell modules that are already loaded on the system

  3. Run the RegisterVConnectAdminApp.ps1 script with appropriate parameters

.\RegisterVConnectAdminApp.ps1 -ServiceAdminUser '' -ServiceAdminPassword '' -AzureStackAdminResourceManagerEndpoint '' -AzureDirectoryTenantId '' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId ''

Eg:
.\RegisterVConnectAdminApp.ps1 -ServiceAdminUser 'msmtest@cloudassertrp.contoso.com' -ServiceAdminPassword 'Test123' -AzureStackAdminResourceManagerEndpoint 'https://adminmanagement.local.contoso.com/' -AzureDirectoryTenantId 'eef3d6b3-cf97-42c1-9cc5-f68905cdd1a6' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId 'a7f2bc5b-2287-4a8b-b256-dcb14dd06878'

Parameter Name

Description

Required

ServiceAdminUser

Go to Admin Portal -> Login as Service Admin -> Subscriptions -> Default Provider Subscription -> Check if role is Owner Eg: admin@contosotest.onmicrosoft.com. Ensure this user is assigned with Application Administrator role in Azure AD.

Required

ServiceAdmin

Password

Password for the above ServiceAdmin

Required

AzureStackAdmin

ResourceManager

Endpoint

Azure Stack ARM endpoint. Eg: "https://adminmanagement.redmond.masi67.corp.contosotest.com/"

Required

AzureDirectory

TenantId

Azure Directory tenant Id

Required

AzureEnvironment

Cloud environment Eg: AzureCloud

Required

IdentitySystemType

Either "AzureAD" or "ADFS" depending on authentication mechanism used in the Azure Stack being added

Required

adminSubscriptionId

Default Provider Administrator Subscription ID

Required

The script outputs VConnectRegistrationOutput.txt in the same AppRegistration folder having all the information needed to add a new azure stack connection in VConnect coming up next.

IMPORT CERTIFICATE

If you prefer the stamp to be connected via certificate authentication (instead of application secret), import the .pfx file generated in the above step into VConnect Resource Provider VM as shown below.

VConnect Resource Provider VM

Ensure the certificate is imported into the Personal store of this VM.

  1. Open the certificate console (Using MMC) in the VConnect VM.

  2. Go to Personal -> On the imported certificate, Right click -> Select All Tasks, and then click Manage Private Keys.

  3. In the new window, click Add.

  4. Under 'Enter object name to select' type IIS_IUSRS and click OK.

  5. In the previous window, click Apply, and then OK to close the window

ADMIN PORTAL OF THE STAMP WITH RP

Create a new connection from the VConnect admin extension in the admin portal.

  1. Go to the admin portal of the master stamp where VConnect RP is deployed

  2. Go to All Services -> VConnect

  3. Click on Connections

  4. Click on Azure Stack Hub

  5. Click on Add to create a new connection (Use the VConnectRegistrationOutput.txt file to fill in details, screenshots below for reference).

Property

Description

Connection Name

Name of the stamp

Owner

Company owning the stamp

Owner Email

Contact email of the person owning the stamp

Category

Category Eg: Development, Testing, Production, etc.,

Sub-Category

Sub category if any

Admin ARM endpoint URL

Admin ARM URL for the stamp

Location

On an integrated system, the second segment of Admin ARM URL is the location. Eg: "https://adminmanagement.redmond.contoso.com/", in this environment "redmond" is the location

On ASDK, the value is "local"

Admin Subscription ID

Admin subscription Id. From VConnectRegistrationOutput.txt, take the value for AdminSubscriptionId

Tenant Directory ID

Tenant directory Id. From VConnectRegistrationOutput.txt, take the value for TenantId

Application ID

Application ID created using above script. From VConnectRegistrationOutput.txt, take the value for ApplicationId

ApplicationSecret

ApplicationSecret created using above script. From VConnectRegistrationOutput.txt, take the value for ApplicationSecret

Proxy Address

Proxy address [Only when a proxy is used to connecting stamps]

Proxy Port

Proxy port [Only when a proxy is used to connecting stamps]

Proxy Username

Proxy Username [Only when a proxy is used to connecting stamps]

Proxy User Password

Proxy User Password [Only when a proxy is used to connecting stamps]

Admin Portal URL

Admin Portal URL. Auto populated based on Admin ARM URL. Please verify if it is correct.

Tenant Portal URL

Tenant Portal URL. Auto populated based on Admin ARM URL. Please verify if it is correct.

Use Default Credentials for Proxy?

Set only when a proxy is used to connecting stamps

Is Environment Integrated with ADFS?

Do not check if Azure AD

Skip Server Certificate Validation

Check

Enable for Provisioning

Check

Skip Connection Validation

Uncheck

6. Once a connection is added successfully, please wait for up to 10 minutes for the data to show up in portal. Data pertaining to Alerts, Resource Providers may start showing immediately. Data pertaining to Stamp Overview, Stamps, Updates may take up to 10 minutes to properly show in portal.

Last updated