To use Kublr, you’ll need a Microsoft Azure subscription account, as well as validated Kublr credentials.
To register your application, you must have sufficient permissions with your Azure AD tenant and assign the application to a role in your Azure subscription. To ensure you have the right permissions, please perform the following steps.
Log in to your Azure Account through the Azure portal.
Select Azure Active Directory.
In Azure Active Directory, select User settings.
Check the App registrations setting. If set to Yes, non-admin users can register AD apps. This setting means any user in the Azure AD tenant can register an app. You can proceed to Check Azure subscription permissions.
If the app registrations setting is set to No, only admin users can register apps. To check whether your account is an admin for the Azure AD tenant:
Navigate back to Azure Active Directory.
On the left panel, click Users. The All users (Preview) page is displayed.
Click the name of your user (use Search if necessary). The page of the user is displayed.
Click Assigned roles.
Make sure one of the following assignments is present:
If not, add one of them.
NOTE Alternatively, you may ask your administrator to add the “register app” permission to one of your user’s presented roles.
In your Azure subscription, your account must have Microsoft.Authorization/*/Write permission to assign an AD app to a role. This action is granted through the Owner role or User Access Administrator role. If your account is assigned to the Contributor role, you do not have the required permission and will receive an error when attempting to assign the service principal to a role.
To check your subscription permissions:
Log in to your Azure Account through the Azure portal.
Select Azure Active Directory.
Select App registrations → New registration.
Set the application name.
Leave Redirect URI blank, or select Web/API for the type and enter the address of your Kublr control plane as the URI.
NOTE You cannot create credentials for a Native application; therefore, that type does not work for an automated application.
Click Register. You have created your application.
When programmatically logging in, you need the ID for your application and an authentication key. To get those values, use the following steps:
In Azure Active Directory, on the left panel, click App registrations.
Use the Owned applications tab.
For your application, copy its Application (client) ID and store it. You will use this value as the Client ID later.
To generate an authentication key:
Go to your application page.
On the left panel, click Certificates & secrets.
In the Client secrets section, click New client secret.
Provide a description and a duration for the secret. When done, save. In the Client secrets section, the new secret is displayed along with its value.
Copy Value now - you will not be able to retrieve it later.
Use this value later as Client Secret.
When programmatically logging in, you need to pass the tenant ID with your authentication request.
To access resources in your subscription, you must assign the application to a role. Decide which role represents the right permissions for the application. To learn about the available roles, see RBAC: Built in Roles.
You can set the scope at the level of the subscription, resource group, or resource. Permissions are inherited by lower levels of scope. For example, adding an application to the Reader role for a resource group means it can read the resource group and any resources it contains. Kublr requires the Contributor role so that it can provision virtual machines and prepare your infrastructure to run Kublr.
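The role requirements above (Owner or User Access Administrator for the person assigning roles, Contributor for the Kublr application) follow from how Azure evaluates a role's actions and notActions lists. The sketch below is an added example, not Kublr or Microsoft code. The role definitions are constructed, abbreviated copies of the built-in roles, and it assumes the concrete operation for assigning a role is Microsoft.Authorization/roleAssignments/write.

```python
import fnmatch

# Constructed, abbreviated copies of Azure built-in role definitions, in the
# shape of the "permissions" array that `az role definition list` returns.
ROLE_DEFINITIONS = {
    "Owner": [{"actions": ["*"], "notActions": []}],
    "Contributor": [{
        "actions": ["*"],
        "notActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    }],
    "User Access Administrator": [{
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "notActions": [],
    }],
    "Reader": [{"actions": ["*/read"], "notActions": []}],
}

# Assumption: the operation behind "assign an AD app to a role".
ASSIGN_ROLE = "Microsoft.Authorization/roleAssignments/write"


def _matches(pattern, action):
    # Action strings are compared case-insensitively; "*" may span "/" segments.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def role_allows(role_name, action, definitions=ROLE_DEFINITIONS):
    """True if a permission block lists the action and does not exclude it."""
    for perm in definitions[role_name]:
        allowed = any(_matches(p, action) for p in perm["actions"])
        excluded = any(_matches(p, action) for p in perm["notActions"])
        if allowed and not excluded:
            return True
    return False


def can_assign_roles(assigned_roles, definitions=ROLE_DEFINITIONS):
    """Return the subset of assigned_roles that permits creating role assignments."""
    return [r for r in assigned_roles if role_allows(r, ASSIGN_ROLE, definitions)]


if __name__ == "__main__":
    for role in ROLE_DEFINITIONS:
        print(f"{role:28} can assign roles: {role_allows(role, ASSIGN_ROLE)}")
```

The same check shows that Contributor can create virtual machines but cannot grant access to anyone else, which is why the application runs as Contributor while a separate, more privileged account performs the one-time role assignment.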