Introduction
Azure Tenant Integration installs all Azure Cloud subscriptions associated with a tenant as integrations in OpsRamp under the same client where the tenant integration is set up. To install all subscriptions for the tenant, users must provide the Tenant ID, Client ID, and Client Secret as input to the Azure Tenant Integration.
The Azure tenant integration provides you several key benefits:
- Centralized Management: All Azure Cloud subscriptions under a tenant are integrated into OpsRamp under a single client, allowing for easier and more centralized management of resources.
- Simplified Operations: With all subscriptions automatically integrated, users can streamline their operations, reducing the need for manual configuration and oversight across multiple subscriptions.
- Enhanced Visibility: Users gain comprehensive visibility into all their Azure resources within OpsRamp, enabling better monitoring, management, and decision-making.
- Security and Compliance: By using the Tenant ID, Client ID, and Client Secret, users ensure secure integration, maintaining the confidentiality and integrity of their Azure subscriptions.
Prerequisites
Configuration in Azure cloud
Step 1: Create a New Application in App Registrations
Log in to the Azure Portal.
Search for App registrations and click New registration.
Provide a name for the application.
Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).
Click Register.
Once the app is registered, navigate to the Overview page. Copy the Directory (tenant) ID to use as the Tenant ID, and the Application (client) ID to use as the Client ID during installation in OpsRamp portal.
Navigate to Certificates & Secrets click New client secret to create a new secret key. Copy the Value to use as the Secret Key during installation in OpsRamp portal.
Step 2: Add Reader Role to the Application Created Earlier
After registering the app, follow below steps:
Search for Subscriptions in the Azure Portal and select the relevant subscription.
Click Access control (IAM).
Click +ADD and then select Add role assignment from the drop-down list.
Choose the Reader role and click Next.
Under Members, click + Select members, and choose the app you wish to assign the role to.
Once selected, click Review + assign.
Note
Make sure to assign the Reader role to all subscriptions you want to integrate with OpsRamp through Azure Tenant Integration.OpsRamp configuration
- Navigate to the Setup > Account.
- On the ACCOUNT DETAILS page, select Integrations.
- The INSTALLED INTEGRATIONS page is displayed with all the installed applications.
Note
If there are no installed applications, it will navigate to the AVAILABLE INTEGRATIONS AND APPS page.Click + ADD on the INSTALLED INTEGRATIONS page. The AVAILABLE INTEGRATIONS AND APPS page displays all the available applications along with the newly created application.
Note
You can even search for the application using the search option available. Also, you can use the All Categories option to search.Click ADD in the Azure application.
In the ADD AZURE page, select Type as Tenant to install Azure Tenant Integration.
Enter the account information:
| Functionality | Description |
|---|---|
| Tenant ID | (required) Enter the client ID that was generated during |
| Client ID | (required) Enter the client ID that was generated during |
| Secret Key | (required) Enter the secret key. Use the Value generated during Create a New Application in App Registrations as Secret Key. |
| Environment | (required) Choose Azure. |
You can choose All resources or choose specific resources to discover from your AWS account. If you would like to select specific resources, check the checkboxes, and select the resources you need.
Click Next.
Select the actions to be performed on the resources.
- Manage Device: Select this option such that all the discovered resources are in a managed state.
- Stream Azure Events: Provide Azure connection string-primary key. See instructions for configuring the connection string.
- Collect Cost Analytics: Select this option to collect project cost details resources utilized.
- Assign Management Profile: Select a gateway management profile from the drop-down list.
Click Install Agent (Linux only) if the agent needs to be installed on the device and select the device credentials.
Select the Discovery Schedule option to schedule a discovery and define the preferred Recurrence pattern.
Note
The filters, options, and discovery schedule configured during tenant integration installation will be applied to the installation of child accounts.Click FINISH. The Azure app is installed.
Note
- When you install Azure Tenant Integration, all subscriptions under the tenant will be integrated into the client. During the installation, all child integrations will inherit the properties of the Azure Tenant Integration, including the Discovery profile, Actions (limited to Manage Device), Discovery Schedule, and Credentials. After installation, you can update the Discovery profile, Actions, Credentials, and Discovery Schedule individually as needed.
- If you update the tenant integration, only the provided credentials (such as Client ID, Secret, and environment) will be updated for the child integrations; the Discovery profile and Actions will remain unchanged. Additionally, only subscriptions that have access to these credentials will be updated.
- If you delete the tenant integration and enable the option to delete linked child accounts, all subscriptions associated with that tenant (whether installed via tenant integration or not) will be removed from the client.When deleting an Azure Tenant Integration through the API, you need to set the
deleteAssociatedChildAccountsfield totrue. If this boolean field is not included or is set tofalse, the associated child accounts will not be uninstalled by default. - If a user adds or deletes specific subscriptions in Azure Cloud after the tenant integration has been installed, those subscriptions will not be automatically added or deleted. The user will need to manually add or remove the subscription in OpsRamp.