Azure Account Onboarding

Purpose

Belowe is the step-by-step procedure to onboard an Azure account into CloudSPX using the following details:

• Tenant ID
• Client ID (Application ID)
• Client Secret
• Subscription ID

The objective is to securely grant CloudSPX the required access to the Azure subscription for discovery, monitoring, and management.

Prerequisites

Before starting, ensure the following:

• You have Owner or Contributor role on the Azure subscription.
• Azure Active Directory (Entra ID) access to create App Registrations.
• Subscription ID is available.
• Workspace ID (CloudSPX workspace / tenant workspace identifier) is available.
• CloudSPX portal access with onboarding permissions.

Access Requirements for CloudSPX

The following access permissions are required for successful onboarding and operation of CloudSPX.

Azure Portal Configuration Steps

Step 1: Create App Registration in Entra ID

1. Log in to the Azure Portal (portal.azure.com)
2. Navigate to Microsoft Entra ID (formerly Azure Active Directory)
3. Click on App registrations in the left sidebar
4. Click + New registration
5. Provide an application name (e.g., "CloudSPX-ServicePrincipal")
6. Select the supported account type (typically "Single tenant")
7. Click Register
8. After creation, copy the Application (client) ID and Directory (tenant) ID from the Overview page

Figure 1 : Azure App Registrations

Step 2: Generate Client Secret

1. In the same App Registration, navigate to Certificates & secrets in the left menu
2. Click on + New client secret
3. Add a description (e.g., "CloudSPX Access Key")
4. Select an expiration period according to your security policy
5. Click Add
6. Immediately copy the secret value (it won't be shown again)
7. Store the client secret securely

Figure 2 : Generate Client Secret

Step 3.A: All subscriptions + all Resource Groups (Recommended) - Management Group scope

Use this when your subscriptions are organized under a management group.

1. In Azure Portal, search for and open Management groups.
2. Select the management group that contains the subscriptions you want CloudSPX to access.
3. In the left menu, click Access control (IAM).
4. Go to the Role assignments tab (optional, to review existing assignments).
5. Click Add ? Add role assignment.
6. In Role, select:
7. Reader (minimum for discovery), or
8. Contributor (only if CloudSPX will manage/remediate resources).
9. Go to Members, choose User, group, or service principal, then click Select members.
10. Search and select your app’s service principal (e.g., CloudSPX-ServicePrincipal).
11. Click Review + assign, then Review + assign again to complete.

Figure 3 : Management Group scopes

Step 4: Collect Required Details

Ensure the following details are available:

• Tenant ID (from App Registration Overview)
• Client ID (Application ID from App Registration Overview)
• Client Secret (generated in Step 2)
• Subscription ID (from Subscription Overview)

These details will be used during CloudSPX onboarding.

Your Azure environment is now successfully onboarded to CloudSPX, you’re all set to unlock its full capabilities!