Set Access Control for the AAD application

A user needs to grant the AAD application access through Access control (IAM) so that it can manage the user’s Azure services (App Services, DNS Zone and Key Vault).

  • Go to Azure subscriptions, and open the subscription

  • In the subscription, click on ‘Access control (IAM)’ and add a new role assignment

  • Select the ‘Contributor’ role

  • Search for the AAD app that was registered and select it. (If you have not registered an AAD app yet, follow the instructions in Registering an AAD Application.)

  • Click the ‘Save’ button

  • In the ‘Role assignments’ tab, you will see the new role assignment you just added

You must repeat these steps for each Azure Subscription that a user may wish to access.

Access Policies for Key Vault

If a user is creating SSL/TLS certificates for Azure Key Vault, they will need to set access policies for the certificate in Key Vault.

  • In Key Vault, click on ‘Access policies’ and ‘Add Access Policy’

  • In the ‘Certificate permissions’ dropdown, select all 16 permissions, including the ‘Purge’ permission.

  • Then click on ‘Select principal’

  • Search for the application that was registered and select it

  • Click the ‘Add’ button when you are done

  • Click the ‘Save’ button to save the access policy

  • The newly added access policy will be displayed
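
A way to check the result of both procedures above, as an added example that is not part of the original page: it takes JSON exported with `az role assignment list --all` and `az keyvault show` and reports which subscriptions still lack the subscription-scope Contributor assignment and which of the 16 certificate permissions are missing from the app's access policy. Assumptions: the field names follow the Azure CLI output as the editor knows it, `principal_id` is the object ID of the app's service principal, and all ids and the resource group name in the sample are constructed placeholders.

```python
# Added example: audit the two portal procedures from exported Azure CLI JSON.
CERT_PERMISSIONS = {  # the 16 Key Vault certificate permissions
    "get", "list", "update", "create", "import", "delete", "recover", "backup",
    "restore", "managecontacts", "manageissuers", "getissuers", "listissuers",
    "setissuers", "deleteissuers", "purge",
}

def subscriptions_missing_contributor(assignments, principal_id, subscription_ids):
    """Subscriptions where the app lacks a subscription-scope Contributor role."""
    covered = set()
    for a in assignments:
        if a.get("principalId") != principal_id or a.get("roleDefinitionName") != "Contributor":
            continue
        # Subscription scope is exactly /subscriptions/<id>; a resource-group
        # assignment does not cover the whole subscription.
        parts = a.get("scope", "").rstrip("/").lower().split("/")
        if len(parts) == 3 and parts[1] == "subscriptions":
            covered.add(parts[2])
    return [s for s in subscription_ids if s.lower() not in covered]

def missing_certificate_permissions(vault, principal_id):
    """Certificate permissions absent from the app's access policy, sorted."""
    granted = set()
    for policy in vault.get("properties", {}).get("accessPolicies") or []:
        if policy.get("objectId") == principal_id:
            certs = policy.get("permissions", {}).get("certificates") or []
            granted |= {p.lower() for p in certs}
    return sorted(CERT_PERMISSIONS - granted)

# Constructed sample input (placeholder ids), shaped like the JSON from
# `az role assignment list --all` and `az keyvault show`.
APP = "11111111-1111-1111-1111-111111111111"   # service principal object id
SUB_A = "aaaaaaaa-0000-0000-0000-000000000000"
SUB_B = "bbbbbbbb-0000-0000-0000-000000000000"
ASSIGNMENTS = [
    {"principalId": APP, "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB_A}"},
    {"principalId": APP, "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB_B}/resourceGroups/web-rg"},
]
VAULT = {"properties": {"accessPolicies": [{
    "objectId": APP,
    "permissions": {"certificates": sorted(CERT_PERMISSIONS - {"purge"})},
}]}}

if __name__ == "__main__":
    print("missing Contributor:", subscriptions_missing_contributor(ASSIGNMENTS, APP, [SUB_A, SUB_B]))
    print("missing cert permissions:", missing_certificate_permissions(VAULT, APP))
```

In the sample, the second subscription is reported because its Contributor assignment is scoped to a resource group only, and ‘purge’ is reported because the sample policy grants the other 15 permissions.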
