# Configure an Azure AD Stamp

## HOST VM OF THE STAMP TO BE CONFIGURED

On **AzS Development Kits**, sign in to the physical host.

On **multi-node integrated systems**, the host must be a system that can access the admin endpoint.

1. Place the RegisterVConnectAdminApp.ps1 file in a temp folder. \[This file can be found in the install folder of the host VM where the VConnect RP was installed: c:\CloudAssert\VConnectMSM\AppRegistration\\]
2. Open a new elevated (administrative) PowerShell console and change to the above directory. Use a new window to avoid problems that might arise from incorrect PowerShell modules that are already loaded on the system.
3. Run the RegisterVConnectAdminApp.ps1 script with the appropriate parameters:

```
.\RegisterVConnectAdminApp.ps1 -ServiceAdminUser '' -ServiceAdminPassword '' -AzureStackAdminResourceManagerEndpoint '' -AzureDirectoryTenantId '' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId ''

# Example:
.\RegisterVConnectAdminApp.ps1 -ServiceAdminUser 'msmtest@cloudassertrp.contoso.com' -ServiceAdminPassword 'Test123' -AzureStackAdminResourceManagerEndpoint 'https://adminmanagement.local.contoso.com/' -AzureDirectoryTenantId 'eef3d6b3-cf97-42c1-9cc5-f68905cdd1a6' -AzureEnvironment 'AzureCloud' -IdentitySystemType 'AzureAD' -adminSubscriptionId 'a7f2bc5b-2287-4a8b-b256-dcb14dd06878'
```

| Parameter Name                                              | Description                                                                                                                                                                                                                                                                                      | Required   |
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
| ServiceAdminUser | Go to Admin Portal -> Login as Service Admin -> Subscriptions -> Default Provider Subscription -> Check if role is **Owner**. Eg: <admin@contosotest.onmicrosoft.com>. Ensure this user is assigned the **Application Administrator** role in Azure AD. | *Required* |
| ServiceAdminPassword | Password for the above ServiceAdmin | *Required* |
| AzureStackAdminResourceManagerEndpoint | Azure Stack ARM endpoint. Eg: "<https://adminmanagement.redmond.masi67.corp.contosotest.com/>" | *Required* |
| AzureDirectoryTenantId | Azure Directory tenant Id | *Required* |
| AzureEnvironment                                            | Cloud environment Eg: AzureCloud                                                                                                                                                                                                                                                                 | *Required* |
| IdentitySystemType                                          | Either "AzureAD" or "ADFS" depending on authentication mechanism used in the Azure Stack being added                                                                                                                                                                                             | *Required* |
| adminSubscriptionId                                         | Default Provider Administrator Subscription ID                                                                                                                                                                                                                                                   | *Required* |

The script writes **VConnectRegistrationOutput.txt** to the same AppRegistration folder. This file contains all the information needed to add a new Azure Stack connection in VConnect, which is the next step.

![](https://3532473591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M6voWNOkQYKxJnx1zI4%2F-M8VdkYz-y7pf-Hr76Pq%2F-M8VyZLsNEfmVRjK3XPw%2Fimage.png?alt=media\&token=20922b73-5d06-4ad5-b163-7aa426ca97c6)

![](https://3532473591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M6voWNOkQYKxJnx1zI4%2F-M8VdkYz-y7pf-Hr76Pq%2F-M8VzfIoOaBRIA4SWyBh%2Fimage.png?alt=media\&token=e927534c-29ef-46d9-8963-16eeeed680b6)
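The registration step takes the service admin password as a parameter and writes the ApplicationSecret to VConnectRegistrationOutput.txt, so both deserve care. The following is an added example, not part of the VConnect scripts or documentation: it prompts for the credential instead of typing it on the command line, then restricts the output file to Administrators and SYSTEM. The folder path and the values in angle brackets are placeholders.

```powershell
# Added example. Values in <angle brackets> and $ScriptDir are placeholders.
$ScriptDir = 'C:\Temp\AppRegistration'   # assumed temp folder holding RegisterVConnectAdminApp.ps1
Set-Location -LiteralPath $ScriptDir

# Prompt for the service admin account so the password is not typed on the
# command line and does not end up in PSReadLine history.
$cred = Get-Credential -Message 'Azure Stack service admin account'

# Parameter names are the ones documented in the table above.
$registration = @{
    ServiceAdminUser                       = $cred.UserName
    ServiceAdminPassword                   = $cred.GetNetworkCredential().Password
    AzureStackAdminResourceManagerEndpoint = '<admin ARM endpoint URL>'
    AzureDirectoryTenantId                 = '<directory tenant id>'
    AzureEnvironment                       = 'AzureCloud'
    IdentitySystemType                     = 'AzureAD'
    adminSubscriptionId                    = '<default provider subscription id>'
}
.\RegisterVConnectAdminApp.ps1 @registration

# Drop the plaintext password from the session once the script has run.
Remove-Variable -Name registration, cred

# The output file holds the ApplicationSecret: remove inherited permissions and
# allow only BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
$output = Join-Path $ScriptDir 'VConnectRegistrationOutput.txt'
if (-not (Test-Path -LiteralPath $output)) {
    throw "Expected output file not found: $output"
}
icacls $output /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F'
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# Show the resulting ACL for review.
(Get-Acl -LiteralPath $output).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Once the connection has been created in the admin portal, delete the output file or move it to a secrets store.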

## **IMPORT CERTIFICATE**

If you prefer the stamp to be connected via certificate authentication (instead of an application secret), import the .pfx file generated in the above step into the VConnect Resource Provider VM as shown below.

#### VConnect Resource Provider VM

Ensure the certificate is imported into the **Personal** store of this VM.

1. Open the certificate console (using MMC) in the VConnect VM.
2. Go to **Personal** -> on the imported certificate, right-click -> select **All Tasks**, and then click **Manage Private Keys**.
3. In the new window, click **Add**.
4. Under 'Enter object name to select' type **IIS_IUSRS** and click **OK**.
5. In the previous window, click **Apply**, and then **OK** to close the window.
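The same import and permission grant can be scripted. This is an added example, not part of the VConnect documentation or scripts; the .pfx path is a placeholder, the password prompt assumes the file is password-protected, and the key lookup assumes an RSA key stored in the machine key store.

```powershell
# Added example. $PfxPath is a placeholder for the .pfx produced by the registration script.
$PfxPath     = 'C:\Temp\<certificate-file>.pfx'
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the local machine Personal store, then re-read the certificate from the store.
$imported = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation 'Cert:\LocalMachine\My' -Password $PfxPassword
$cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$($imported.Thumbprint)"

# Resolve the on-disk private key container (CNG and legacy CSP keys differ).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) {
    throw "Certificate $($cert.Thumbprint) has no accessible RSA private key."
}
$keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $rsa.Key.UniqueName
} else {
    $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine keys live in one of these two folders depending on the key provider.
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\Keys",
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
) | ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) {
    throw "Private key file for container '$keyName' was not found."
}

# Grant IIS_IUSRS read access only, matching the default of the Manage Private Keys dialog.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'BUILTIN\IIS_IUSRS', 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Confirm the grant.
(Get-Acl -LiteralPath $keyFile).Access |
    Where-Object { $_.IdentityReference -like '*IIS_IUSRS' } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Run it from an elevated console on the VConnect Resource Provider VM, and remove the .pfx file from the temp folder after the import.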

## **ADMIN PORTAL OF THE STAMP WITH RP**

Create a new connection from the VConnect admin extension in the admin portal.

1. Go to the admin portal of the master stamp where the VConnect RP is deployed.
2. Go to **All Services** -> **VConnect**.
3. Click on **Connections**.
4. Click on **Azure Stack Hub**.
5. Click on **Add** to create a new connection (use the VConnectRegistrationOutput.txt file to fill in the details; screenshots are below for reference).

| Property                             | Description                                                                                                                                                                                                                                                                                                                |
| ------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Connection Name                      | Name of the stamp                                                                                                                                                                                                                                                                                                          |
| Owner                                | Company owning the stamp                                                                                                                                                                                                                                                                                                   |
| Owner Email                          | Contact email of the person owning the stamp                                                                                                                                                                                                                                                                               |
| Category | Category. Eg: Development, Testing, Production, etc. |
| Sub-Category                         | Sub category if any                                                                                                                                                                                                                                                                                                        |
| Admin ARM endpoint URL               | Admin ARM URL for the stamp                                                                                                                                                                                                                                                                                                |
| Location | On an **integrated system**, the second segment of the Admin ARM URL is the location. Eg: for "<https://adminmanagement.redmond.contoso.com/>", "redmond" is the location. On **ASDK**, the value is "local". |
| Admin Subscription ID                | Admin subscription Id. From VConnectRegistrationOutput.txt, take the value for AdminSubscriptionId                                                                                                                                                                                                                         |
| Tenant Directory ID                  | Tenant directory Id. From VConnectRegistrationOutput.txt, take the value for TenantId                                                                                                                                                                                                                                      |
| Application ID                       | Application ID created using above script. From VConnectRegistrationOutput.txt, take the value for ApplicationId                                                                                                                                                                                                           |
| ApplicationSecret                    | ApplicationSecret created using above script. From VConnectRegistrationOutput.txt, take the value for ApplicationSecret                                                                                                                                                                                                    |
| Proxy Address | Proxy address \[Only when a proxy is used to connect stamps] |
| Proxy Port | Proxy port \[Only when a proxy is used to connect stamps] |
| Proxy Username | Proxy username \[Only when a proxy is used to connect stamps] |
| Proxy User Password | Proxy user password \[Only when a proxy is used to connect stamps] |
| Admin Portal URL                     | Admin Portal URL. Auto populated based on Admin ARM URL. Please verify if it is correct.                                                                                                                                                                                                                                   |
| Tenant Portal URL                    | Tenant Portal URL. Auto populated based on Admin ARM URL. Please verify if it is correct.                                                                                                                                                                                                                                  |
| Use Default Credentials for Proxy? | Set only when a proxy is used to connect stamps |
| Is Environment Integrated with ADFS? | Do not check if Azure AD                                                                                                                                                                                                                                                                                                   |
| Skip Server Certificate Validation   | Check                                                                                                                                                                                                                                                                                                                      |
| Enable for Provisioning              | Check                                                                                                                                                                                                                                                                                                                      |
| Skip Connection Validation           | Uncheck                                                                                                                                                                                                                                                                                                                    |

![](https://3532473591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M6voWNOkQYKxJnx1zI4%2F-M7ImqeQmzy5_DcOJJv0%2F-M7JZoTBBUCtPsBYu_M3%2Fimage.png?alt=media\&token=3d7413b5-3542-4fff-a689-7c5781ca225e)

![](https://3532473591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M6voWNOkQYKxJnx1zI4%2F-M7ImqeQmzy5_DcOJJv0%2F-M7JZiJkL2My3Rpp-MGh%2Fimage.png?alt=media\&token=d20b3b4e-1e7f-40a6-9742-d0a8a8203dc5)

6. Once a connection is added successfully, please wait for up to **10 minutes** for the data to show up in the portal. Data pertaining to Alerts and Resource Providers may start showing immediately. Data pertaining to Stamp Overview, Stamps, and Updates may take up to 10 minutes to show properly in the portal.

![](https://3532473591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M6voWNOkQYKxJnx1zI4%2F-M8WCU5aWjFAaspO9SJR%2F-M8WCrjcaDiU4tsym-tn%2Fimage.png?alt=media\&token=89a6aed4-d6dd-4d36-98ff-a318045126f0)
