Azure

Last updated 1 month ago

Was this helpful?

Azure

Brainboard allows you to connect to your Azure environments, whether you want to provision resources, import existing infrastructure or simply manage your architecture on a daily basis.

It supports 2 authentication methods described below:

(recommended)

You need an app registration in your Azure account to be able to connect Brainboard successfully.

Configure access

To connect Brainboard to your AWS account:

Go to the settings page.
Click on Microsoft Azure
Click on New connection
This will open the new connection page where you have 2 options:

Client certificate

This is the recommended way to connect to your Azure environments as it doesn't require any secret sharing.

When you click on the option Client Certificate Brainboard guides you in the connection process:

In this page, click on Register app button, it will open your Azure portal with pre-filled information and download the certificate
In your Azure portal, add a name of the app registration and click Register
Go to manage, then Certificates & secrets, and click on certificates tab and upload the certificate you downloaded in step 1
In the same app registration page, click on overview to get the follow information:
1. Application (client) id
2. Directory (tenant) id
Go to the subscription that you want to connect to Brainboard and get its ID
Navigate to Access control (IAM) to create a role assignment with the right privilege
In Brainboard, put all the information you collected before, and click Continue:
1. Application (client) id
2. Directory (tenant) id
3. Subscription id
Brainboard checks if the connection can be established:
1. If the connection is successful, you will have this message
2. If it fails, you get an information about it
Name the connection in Brainboard
This name is used only within Brainboard, so it's a best practice to give an explicit name that allows you to identify which subscription is referring to.

Client secret

Brainboard allows you to add your client secret if this is your preferred way to connect to your Azure environments:

Follow the same steps as Client certificate except in step 4, generate a new client secret

Set the scope

Once your credentials are added you can specify where exactly they will be used

This allows you to specify whether you want:

Make the credentials the default to use within your organization: which means any architecture created in Brainboard will use these credentials if it doesn't have its own ones.
Use in a specific project
Use in a specific environment
Use in a specific architecture