Set Access Control for the AAD application
The user must grant the AAD application access control so that it can manage the user’s Azure services (App Services, DNS Zone and Key Vault).
- Go to Azure subscriptions, and open the subscription
- In the subscription, click on ‘Access control (IAM)’ and add a new role assignment
- Select the ‘Contributor’ role
- Search for the AAD App that was registered and select it. (If you did not register an AAD app previously, please follow the instructions in this link: Registering an AAD Application)
- Click the ‘Save’ button
- In the ‘Role assignments’ tab, you will see the new role assignment you just added
You must repeat these steps for each Azure Subscription that a user may wish to access.
Access Policies for Key Vault
If a user is creating SSL/TLS certificates for Azure Key Vault, they will need to set access policies for the certificate in Key Vault.
- In Key Vault, click on ‘Access policies’ and ‘Add Access Policy’
- In the ‘Certificate permissions’ dropdown, select all 16 permissions, including the ‘Purge’ permission.
- Then, click on ‘Select principal’
- Search for the application that was registered and select it
- Click the ‘Add’ button when you are done
- Click the ‘Save’ button to save the access policy
- The newly added access policy will be displayed
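
The two portal procedures above can also be scripted with the Azure CLI. This is an added example, not part of the original guide; it assumes a logged-in `az` session and a vault that uses the access-policy permission model, and the function names and their arguments (app ID, subscription IDs, vault name) are placeholders chosen here.

```bash
#!/usr/bin/env bash
# Added example: Azure CLI equivalent of the two portal procedures.
# All IDs and names passed in are placeholders supplied by the caller.

# The 16 certificate permissions from the portal dropdown, 'purge' included.
CERT_PERMS="get list update create import delete recover backup restore \
managecontacts manageissuers getissuers listissuers setissuers deleteissuers purge"

# Assign 'Contributor' to the AAD app at subscription scope, once per subscription.
# usage: grant_contributor <app-id> <subscription-id>...
grant_contributor() {
  app_id=$1; shift
  for sub in "$@"; do
    az role assignment create --assignee "$app_id" --role Contributor \
      --scope "/subscriptions/$sub" || return 1
  done
}

# Print every subscription where the app has no Contributor assignment yet,
# so a subscription that was skipped in the repeat step shows up.
# usage: missing_contributor <app-id> <subscription-id>...
missing_contributor() {
  app_id=$1; shift
  for sub in "$@"; do
    count=$(az role assignment list --assignee "$app_id" --role Contributor \
      --scope "/subscriptions/$sub" --query "length(@)" -o tsv) || return 1
    [ "$count" -gt 0 ] || echo "$sub"
  done
}

# Add the Key Vault access policy with all certificate permissions.
# usage: grant_cert_policy <app-id> <vault-name>
grant_cert_policy() {
  # $CERT_PERMS is intentionally unquoted: each permission is its own argument.
  az keyvault set-policy --name "$2" --spn "$1" --certificate-permissions $CERT_PERMS
}
```

Run `grant_contributor` with every subscription the user may wish to access, then `missing_contributor` with the same list; empty output means the role assignment exists on each one.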