This guide was created with Scribe in 2 minutes. Sign in and create your own!
Configuring the Service Principal for Admin App access
Rodney Joyce |
0 step |
2 minutes
Changes need to be made to the Service Principal to allow users to log in to the CloudMonitor Admin App.
1
Open your Azure Portal in a new browser window (<https://portal.azure.com>).
You need to be logged into Azure as an Active Directory Administrator. Open "Microsoft Entra ID" (formerly "Azure Active Directory").
Zoom Saved
2
Open the Service Principal (also known as an "App Registration") that you added previously for CloudMonitor. You can do this by searching for the Service Principal Name or ClientId.
In our case, it is "CloudMonitor-SP".
Zoom Saved
3
Once you have the Service Principal open, select "Authentication" in the left menu and click on "Add a platform" and choose "Single-page application".
Zoom Saved
4
Copy and paste the Admin App Url provided to you by the CloudMonitor support team into the Redirect URIs. If you do not know what this is, contact Support and we'll find it for you.
Zoom Saved
5
Check both checkboxes for Access Tokens and ID Tokens and ensure that the "Supported account types" option is set to Single Tenant only and save.
Zoom Saved
6
Then choose "Expose an API" in the left menu and click on "Add a scope"
Zoom Saved
7
Add the word "**/appRoles**" to the end of the Application ID URI (Do not change anything else) and click on "Save and continue".
Zoom Saved
8
Enter "User.Read" in the "Scope name" field and select "Admins and users".
Zoom Saved
9
Click the "Admin consent display name" field and enter "UserRoles". Copy this into the "Admin consent description", as well as the "User consent display name" and "User consent description" and click on "Add scope" to save.
Zoom Saved
10
Select "App roles" in the left menu. and click on "Create app role".
Zoom Saved
11
Enter "Support" as the name and choose "Applications".
Zoom Saved
12
Click on the Value field and enter "Support", then copy and paste this into the Description field too. Ensure that the app role is enabled and click on "Apply" to save.
Zoom Saved
13
Select "API permissions" in the left menu and click on "Add a permission".
Zoom Saved
14
Choose "APIs my organization uses".
Zoom Saved
15
Click the "Start typing an API name or Application ID" field, then search and click on the name of your Service Principal (in our cased it is "CloudMonitor-SP").
Zoom Saved
16
Choose "Application permissions".
Zoom Saved
17
and check the "Support" permission and Click "Add permissions"
Zoom Saved
Click on "Grant admin consent for your organization".
Note: Only Admin are allowed to grant consent.
18
After doing the steps in adding the support application permission and has been granted by your administrator, it should look like this.
Zoom Saved
Want to make guides like this in seconds? Yes, it's really that fast.
Show Me How
Have something to say?Create an account to leave messages for the author to see!Create an account
Feedback
This Scribe is in tip-top shape!Leave feedback if there are any issues with this Scribe