To create a service principal with "Reader" permissions for all resources in Azure using the Azure Portal, you can follow these steps:


Pre-requisites:

  • Ensure you are signed in to your Azure account using an account with the necessary permissions to create service principals (Global Administrator).

  • Access to the iCompaas application


Integration Process:

  • In the Azure portal, navigate to "App registrations".

  • Click on the "New registration" button to create a new application registration (service principal).

  • Provide a name for your application registration in the "Name" field.
  • Choose the "Supported account types" as "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)".
  • Leave the "Redirect URI" field empty for this scenario.
  • Click the "Register" button to create the application registration.
  • Copy the Application (client) ID and the Directory (tenant) ID.
  • Enter these values in iCompaas.


Client Secret:

  • Click on “Certificates and Secrets”

  • Go to the “Client secrets” tab and click on “+ New client secret”

  • Add the Description and Expiration

  • Click on “Add”

  • Copy the “Value” (it cannot be viewed again once you leave the page)
  • Enter the value in iCompaas


API Permissions:

  • Go to “API permissions”

  • Click on Add a Permission

  • Select ‘Microsoft Graph’

  • Click on ‘Application Permissions’

  • Search for ‘Directory’ and select ‘Directory.Read.All’

  • Click on ‘Add Permissions’

  • Click on ‘Grant admin consent’ and click Yes on Confirmation pop-up

Role Assignment:

  • Navigate to ‘Subscriptions’

  • Copy the ‘Subscription ID’ and paste it on iCompaas


  • Go to "Access control (IAM)" in the left-hand menu.

  • Click on ‘+ Add’ and then the "Add role assignment" button.

  • In the "Add role assignment" pane, search for the "Reader" role and click to select it.

  • Go to the ‘Members’ tab at the top

  • In the "Assign access to" section, select "Azure AD user, group, or service principal."

  • In the "Select" field, start typing the name of the application registration you created earlier. It should appear in the dropdown.

  • Click on that application and then click ‘Select’

  • Click on ‘Review + assign’ to assign the permissions


Special Note: Congratulations! You have completed the prerequisite steps to add your cloud account. Please click the “Next” button below to finish the setup.
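
Once the steps above are complete, it is worth confirming that the app registration holds only what this guide grants: the "Reader" role and the Directory.Read.All application permission. The Python check below is an added example, not part of the original guide or of iCompaas; it assumes the Reader role was assigned at subscription scope and that its inputs are the JSON printed by `az role assignment list --assignee <client-id> --all --output json` and `az ad app permission list --id <client-id> --output json`. The sample data in it is constructed.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # Microsoft Graph
DIRECTORY_READ_ALL = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"  # Directory.Read.All (application)


def audit(role_assignments, required_access, subscription_id):
    """Return findings where the app holds more than Reader + Directory.Read.All."""
    findings = []
    expected_scope = f"/subscriptions/{subscription_id}".lower()
    has_reader = False
    for ra in role_assignments:
        role, scope = ra["roleDefinitionName"], ra["scope"]
        if role == "Reader" and scope.lower() == expected_scope:
            has_reader = True
        else:
            findings.append(f"unexpected role assignment: {role} at {scope}")
    if not has_reader:
        findings.append("missing Reader at subscription scope")
    for resource in required_access:
        for access in resource["resourceAccess"]:
            expected = (resource["resourceAppId"] == GRAPH_APP_ID
                        and access["id"] == DIRECTORY_READ_ALL
                        and access["type"] == "Role")  # "Role" = application permission
            if not expected:
                findings.append(
                    f"unexpected API permission: {access['id']} ({access['type']}) "
                    f"on {resource['resourceAppId']}")
    return findings


# Constructed sample data (assumption: not real tenant output), trimmed to the fields used.
SUB = "11111111-1111-1111-1111-111111111111"
SAMPLE_ROLES = json.loads("""[
  {"roleDefinitionName": "Reader", "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-demo"}
]""")
SAMPLE_ACCESS = json.loads("""[
  {"resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [
    {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
    {"id": "aaaaaaaa-0000-0000-0000-000000000000", "type": "Role"}]}
]""")

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROLES, SAMPLE_ACCESS, SUB):
        print("FINDING:", finding)
```

An empty result means the app registration matches the guide; any finding is a grant to review and remove if it is not needed.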