The process of integrating Azure services in Onepane requires the following steps:
Create an AD application for Onepane in Azure
Grant directed API permissions over Azure resources
Generate the Application Secret and place it in Onepane
Here's a step-by-step guide on how to create an Azure AD application with the permissions needed to integrate Azure resources and incident alerts with Onepane:
Step 1: Navigate to the Azure Active Directory (Microsoft Entra ID) on the Azure Portal
Click "Azure Active Directory" (now renamed "Microsoft Entra ID") in the left-hand navigation menu of the Azure Portal.
Step 2: Register an Application
In the Azure AD section, click "App registrations" in the left-hand menu.
To create a new registration, click the "+ New registration" button.
Step 4: Configure Application Details
Name: Enter a name for your application.
Supported account types: Always choose the appropriate account types based on your integration needs. For now, select "Accounts in this organizational directory only."
Redirect URI (optional): Leave it empty.
Click the "Register" button to create the application.
Step 6: Configure API Permissions
Open the AD Application after registration
In the application's overview page, navigate to the "API permissions" tab.
Click the "+ Add a permission" button.
Add the following permissions:
Log Analytics API - Data.Read
Microsoft Graph - User.Read
Microsoft Graph - Directory.Read.All
Microsoft Graph - APIConnectors.Read.All
Microsoft Graph - ExternalConnections.Read.All
Microsoft Graph - ExternalItem.Read.All
Click the "Add permissions" button to save your selections.
Step 7: Grant Admin Consent
After adding the necessary permissions, you will need to obtain consent from an administrator to use these permissions.
Click the "Grant admin consent for [your tenant name]" button on the AD application homepage. An administrator will need to sign in and approve these permissions.
Step 8: Create client credentials
Go to Certificates and secrets
Click the "New client secret" button and create a secret for the Onepane app. Copy the secret value when it is created, since the portal does not display it again later, and store these credentials for further use.
Step 9: Grant Reader access to the subscription
Open the current subscription's page.
In the subscription's overview page, navigate to the "Access control" tab. Click "+ Add", then select "Add role assignment".
Assign the Reader role on the subscription to the AD application created earlier.
Also assign the Resource Policy Contributor and Tag Contributor roles to the same AD application.
Resource Policy Contributor: This role allows users to create, manage, and assign policies in Azure Policy. This can be helpful to enforce organizational standards, compliance, and governance by defining and applying policies across your resources.
Tag Contributor: With this role, users can manage resource tags, which are metadata labels used for organizing and categorizing resources. Tagging helps in resource management, cost tracking, and overall resource organization within Azure.
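An added example, not part of Onepane's documentation: a least-privilege check confirming that the application holds exactly the three roles from Step 9 at subscription scope and nothing broader. It assumes the input is the JSON printed by `az role assignment list --assignee <application-id> --all -o json`; the subscription ID, resource group and management group names in the sample are constructed.

```python
import json

# Roles that Step 9 of this guide assigns to the Onepane application.
EXPECTED_ROLES = {"Reader", "Resource Policy Contributor", "Tag Contributor"}

# Constructed placeholder subscription ID and sample data (not real values).
SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.loads("""[
 {"roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"roleDefinitionName": "Tag Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"},
 {"roleDefinitionName": "Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/example-mg"}
]""")


def audit_role_assignments(assignments, subscription_id, expected=EXPECTED_ROLES):
    """Compare a principal's role assignments with the roles this guide grants.

    Returns a dict of findings:
      missing              - expected roles not assigned at subscription scope
      unexpected_role      - roles inside the subscription the guide never asks for
      outside_subscription - any assignment on another subscription, a management
                             group, or the root scope
    """
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    granted = set()
    findings = {"missing": [], "unexpected_role": [], "outside_subscription": []}
    for item in assignments:
        role = item.get("roleDefinitionName", "")
        raw_scope = item.get("scope", "")
        scope = raw_scope.rstrip("/").lower()  # ARM scopes are case-insensitive
        if scope != sub_scope and not scope.startswith(sub_scope + "/"):
            findings["outside_subscription"].append((role, raw_scope))
        elif role not in expected:
            findings["unexpected_role"].append((role, raw_scope))
        elif scope == sub_scope:
            granted.add(role)
    findings["missing"] = sorted(expected - granted)
    return findings


if __name__ == "__main__":
    for kind, items in audit_role_assignments(SAMPLE, SAMPLE_SUB).items():
        print(kind, items)
```

Any entry under `unexpected_role` or `outside_subscription` is access beyond what this integration asks for and is worth reviewing before the client secret is handed over.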
Step 10: Retrieve Application Details
Go to the current application's overview page and note down the following information:
Application (client) ID: This is a unique identifier for your application.
Directory (tenant) ID: This is the ID of your Azure AD tenant.
Client secret (optional): The secret created in Step 8.
Go to the Subscriptions page and get your subscription ID:
Subscription ID: This is a unique identifier for your subscription.
Step 11: Store Application Information Securely
Keep the application details, including the client secret, in a secure location. Onepane uses these details to authenticate and authorize your application's access to Azure resources.
You've successfully created an Azure AD application with the necessary permissions for integrating with Onepane. Now configure it in the Onepane console.
Follow these steps: Azure Connector Configuration