Set Access Control for the AAD application

V7.0.0

The AAD application must be granted access (a role assignment) on the subscription before it can manage the user’s Azure services (Key Vault, DNS Zone and App Services).

  • Go to Azure Subscriptions and open the subscription that contains your Azure Key Vault, DNS Zone and App Services

  • In the subscription, click on ‘Access control (IAM)’ and add a new role assignment

  • Select the ‘Contributor’ role and click the ‘Next’ button

  • Assign access to: ‘User, groups or service principal’ and click the ‘Select members’ link

  • Search for the AAD App that was registered and select it. (If you did not register an AAD app previously, please follow the instructions at this link: Registering an AAD Application)

  • Click the ‘Review + assign’ button

  • In the ‘Role assignments’ tab, you will see the new role assignment you just added

You must repeat these steps for each Azure Subscription that a user may wish to access.

Access Policies for Key Vault

If a user is creating SSL/TLS certificates for Azure Key Vault, they will need to set Access policies for the certificate in Key Vault.

This step is not required if SSL/TLS certificates are not being created for Key Vault.

  • In Key Vault, click on ‘Access policies’ and ‘Add Access Policy’

  • In the ‘Certificate permissions’ dropdown, select all 16 permissions, including ‘Purge’ permission.

  • Then, click on ‘Select principal’

  • Search for the application that was registered and click the ‘Select’ button to select it

  • Click the ‘Add’ button when you are done

  • Click the ‘Save’ button to save the access policy

  • The newly added access policy will be displayed
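
The portal steps in both sections can also be scripted with the Azure CLI. The following is an added example, not part of the original documentation: the app ID, vault name and subscription IDs are placeholders you supply, the function names are hypothetical, and it assumes you are already signed in with `az login` and that the vault uses the access-policy permission model.

```bash
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps on this page.
# The app ID, vault name and subscription IDs passed in are placeholders.
set -eu

# The 16 certificate permissions from the portal dropdown, 'purge' included.
CERT_PERMS="get list update create import delete recover backup restore \
managecontacts manageissuers getissuers listissuers setissuers deleteissuers purge"

# Assign 'Contributor' to the AAD app on one subscription, then print how many
# matching assignments exist (the 'Role assignments' tab check in the portal).
grant_contributor() {
  local app_id="$1" scope="/subscriptions/$2"
  az role assignment create --assignee "$app_id" --role Contributor \
    --scope "$scope" --output none
  az role assignment list --assignee "$app_id" --scope "$scope" \
    --query "[?roleDefinitionName=='Contributor'] | length(@)" --output tsv
}

# Add the Key Vault access policy for the app. Only needed when SSL/TLS
# certificates are created for Key Vault.
grant_cert_policy() {
  local app_id="$1" vault="$2"
  # Word splitting of CERT_PERMS is intended: one argument per permission.
  az keyvault set-policy --name "$vault" --spn "$app_id" \
    --certificate-permissions $CERT_PERMS --output none
}

# Repeat the role assignment for every subscription the app must reach,
# stopping if the assignment cannot be confirmed. Pass "" as the vault name
# to skip the Key Vault step.
grant_all() {
  local app_id="$1" vault="$2" sub count
  shift 2
  for sub in "$@"; do
    count=$(grant_contributor "$app_id" "$sub")
    [ "${count:-0}" -ge 1 ] || { echo "no Contributor assignment on $sub" >&2; return 1; }
  done
  [ -z "$vault" ] || grant_cert_policy "$app_id" "$vault"
}

# Usage (placeholders):
#   grant_all "<app-id>" "<vault-name>" "<subscription-id-1>" "<subscription-id-2>"
```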
