Configuring the Service Principal for Admin App access | Scribe

    • Rodney Joyce | 2 minutes
    Changes need to be made to the Service Principal to allow users to log in to the CloudMonitor Admin App.
    Open your Azure Portal in a new browser window (<https://portal.azure.com>). You need to be logged into Azure as an Active Directory Administrator. Open "Microsoft Entra ID" (formerly "Azure Active Directory").
    Open the Service Principal (also known as an "App Registration") that you added previously for CloudMonitor. You can do this by searching for the Service Principal Name or ClientId. In our case, it is "CloudMonitor-SP".
    Once you have the Service Principal open, select "Authentication" in the left menu and click on "Add a platform" and choose "Single-page application".
    Copy and paste the Admin App URL provided to you by the CloudMonitor support team into the Redirect URIs. If you do not know what this is, contact Support and we'll find it for you.
    Check both checkboxes for Access Tokens and ID Tokens, ensure that the "Supported account types" option is set to Single Tenant only, and save.
    Then choose "Expose an API" in the left menu and click on "Add a scope".
    Add the word "**/appRoles**" to the end of the Application ID URI (Do not change anything else) and click on "Save and continue".
    Enter "User.Read" in the "Scope name" field and select "Admins and users".
    Click the "Admin consent display name" field and enter "UserRoles". Copy this into the "Admin consent description", as well as the "User consent display name" and "User consent description" and click on "Add scope" to save.
    Select "App roles" in the left menu and click on "Create app role".
    Enter "Support" as the name and choose "Applications".
    Click on the Value field and enter "Support", then copy and paste this into the Description field too. Ensure that the app role is enabled and click on "Apply" to save.
    Select "API permissions" in the left menu and click on "Add a permission".
    Choose "APIs my organization uses".
    Click the "Start typing an API name or Application ID" field, then search for and click on the name of your Service Principal (in our case it is "CloudMonitor-SP").
    Choose "Application permissions", check the "Support" permission and click "Add permissions".
    Click on "Grant admin consent for your organization". Note: Only Admins are allowed to grant consent.
    After you have added the Support application permission and your administrator has granted consent, it should look like this.
