To create a service principal with "Reader" permissions for all resources in Azure using the Azure Portal, you can follow these steps:
Pre-requisites:
Ensure you are signed in to your Azure account using an account with the necessary permissions to create service principals (Global Administrator).
Access to the iCompaas application
Integration Process:
On the Azure portal, navigate to App Registrations
Click on the "New registration" button to create a new application registration (service principal).
- Provide a name for your application registration in the "Name" field.
- Choose the "Supported account types" as "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)"
- Leave the "Redirect URI" field empty for this scenario.
- Click the "Register" button to create the application registration.
- Copy Application (client) ID and Directory (tenant) ID
- Enter these values on iCompaas
Client Secret:
Click on “Certificates and Secrets”
Go to the Client secret tab, click on “+ New Client secret”
Add the Description and Expiration
Click on “Add”
- Copy the “Value” (it cannot be viewed again once you leave the page)
Enter the value on iCompaas
Go to API permissions
Click on Add a Permission
Select ‘Microsoft Graph’
Click on ‘Application Permissions’
Search ‘Directory’ and select ‘Directory.Read.All’
And click on ‘Add Permissions’
Click on ‘Grant admin consent’ and click Yes on Confirmation pop-up
Navigate to subscriptions
Copy the ‘Subscription ID’ and paste it on iCompaas
Go to "Access control (IAM)" in the left-hand menu:
Click on ‘+ Add’ and then the "Add role assignment" button.
In the "Add role assignment" pane
Search for the "Reader" role and click to select it.
Go to the ‘Members’ tab at the top
In the "Assign access to" section, select "Azure AD user, group, or service principal."
In the "Select" field, start typing the name of the application registration you created earlier. It should appear in the dropdown.
Click on that application and then click "Select"
- Click on Review + assign to assign the permissions
Special Note: Congratulations! You have completed the prerequisite steps to add your cloud account. Please click the “Next” button below to finish the setup.
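To confirm the result of the steps above, this added example (not part of the original guide or of iCompaas) audits Azure CLI JSON output for the app: its only role assignment should be Reader at the subscription scope, and no client secret should be expired or valid longer than a chosen limit. The sample JSON, the placeholder subscription ID, the function names and the 180-day limit are assumptions.

```python
import json
from datetime import datetime, timezone

SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID

# Constructed sample shaped like: az role assignment list --assignee <client-id> --all -o json
SAMPLE_ASSIGNMENTS = json.loads(f"""[
  {{"roleDefinitionName": "Reader", "scope": "/subscriptions/{SUB}"}},
  {{"roleDefinitionName": "Contributor", "scope": "/subscriptions/{SUB}/resourceGroups/rg-demo"}}
]""")

# Constructed sample shaped like: az ad app credential list --id <client-id> -o json
SAMPLE_SECRETS = json.loads("""[
  {"displayName": "icompaas-ok", "endDateTime": "2025-04-01T00:00:00Z"},
  {"displayName": "icompaas-long", "endDateTime": "2027-01-01T00:00:00Z"},
  {"displayName": "icompaas-old", "endDateTime": "2024-12-01T00:00:00Z"}
]""")


def audit_role_assignments(assignments, subscription_id):
    """Flag every assignment that is not Reader at the subscription scope."""
    expected = f"/subscriptions/{subscription_id}".lower()
    findings, has_reader = [], False
    for a in assignments:
        if a["roleDefinitionName"] == "Reader" and a["scope"].lower() == expected:
            has_reader = True
        else:
            findings.append((a["roleDefinitionName"], a["scope"]))
    if not has_reader:
        findings.append(("Reader missing", expected))
    return findings


def audit_secrets(secrets, now, max_days=180):
    """Flag secrets that are expired or valid longer than max_days (assumed policy)."""
    findings = []
    for s in secrets:
        end = datetime.fromisoformat(s["endDateTime"].replace("Z", "+00:00"))
        if end <= now:
            findings.append((s["displayName"], "expired"))
        elif (end - now).days > max_days:
            findings.append((s["displayName"], "long-lived"))
    return findings


if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for the sample
    print(audit_role_assignments(SAMPLE_ASSIGNMENTS, SUB))
    print(audit_secrets(SAMPLE_SECRETS, now))
```

An empty list from both functions means the app matches what this guide sets up; any entry is a role or secret to review before sharing the credentials.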