# Azure Brainboard allows you to connect to your Azure environments, whether you want to provision resources, import existing infrastructure or simply manage your architecture on a daily basis. It supports 2 authentication methods described below: 1. [Client certificate](#client-certificate) (recommended) 2. [Client secret](#client-secret) {% hint style="info" %} You need an app registration in your Azure account to be able to connect Brainboard successfully. {% endhint %} ### Configure access To connect Brainboard to your AWS account: 1. Go to the [Cloud providers integration](https://app.brainboard.co/settings/integrations/cloud-providers) settings page. 2. Click on `Microsoft Azure` 3. Click on `New connection`

4. This will open the new connection page where you have 2 options:

### Client certificate {% hint style="success" %} This is the recommended way to connect to your Azure environments as it doesn't require any secret sharing. {% endhint %} When you click on the option `Client Certificate` Brainboard guides you in the connection process: 1. In this page, click on `Register app` button, it will open your Azure portal with pre-filled information and download the certificate

2. In your Azure portal, add a name of the app registration and click `Register`

3. Once the app registration done, navigate to the [app registration page](https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade) and search for the one you just created, then click on it to open its configuration

4. Go to manage, then Certificates & secrets, and click on certificates tab and upload the certificate you downloaded in step 1

5. In the same app registration page, click on overview to get the follow information: 1. Application (client) id 2. Directory (tenant) id 6. Go to the subscription that you want to connect to Brainboard and get its ID 7. Navigate to Access control (IAM) to create a role assignment with the right privilege

8. In Brainboard, put all the information you collected before, and click `Continue`: 1. Application (client) id 2. Directory (tenant) id 3. Subscription id 9. Brainboard checks if the connection can be established: 1. If the connection is successful, you will have this message

2. If it fails, you get an information about it

10. Name the connection in Brainboard

This name is used only within Brainboard, so it's a best practice to give an explicit name that allows you to identify which subscription is referring to. ### Client secret Brainboard allows you to add your client secret if this is your preferred way to connect to your Azure environments:

Follow the same steps as [#client-certificate](#client-certificate "mention") except in step 4, generate a new client secret

### Set the scope Once your credentials are added you can specify where exactly they will be used

This allows you to specify whether you want: 1. Make the credentials the default to use within your organization: which means any architecture created in Brainboard will use these credentials if it doesn't have its own ones. 2. Use in a specific project 3. Use in a specific environment 4. Use in a specific architecture