In this article, you will understand step by step how to easily integrate Scytale with Azure integrations
Learn how to connect multiple Azure services seamlessly using the same credentials, simplifying integration and ensuring access for most Microsoft integrations. We will guide you through setting up permissions for Azure services integrated with Scytale.
How to connect Azure integrations?
Prerequisite: Ensure that you have the necessary role to collect the data from all Azure integrations or that you have administrator privileges.
💡Please Note: This guide covers the integration process for most Azure services, excluding Microsoft Intune, Azure Active Directory, Azure DevOps, and Azure Boards, which have separate guides.
To finish the setup you will need to fill in 4 fields:
- Application ID
- Secret Value
- Directory ID
- Subscription ID
Step 1: Register an application
- Log in to the Azure portal and then navigate to Azure Active Directory.
- On the left menu, click on App registrations.
- On the screen that loads, click on New registration and fill in the following details:
- Name - you can choose a name.
- Supported account types - the first option must be selected - "Accounts in this organizational directory only (Default Directory only - Single tenant)".
-
- Click on Register.
- In the overview tab of the application, refer to the information under "Essentials", copy (you'll use it for Scytale connection):
- Application (Client) ID.
- Directory (tenant) ID.
- On the left menu, go to Authentication.
- Click on +Add a platform.
- In configure platform, select web.
- Copy this URI into the redirect URI field https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-database
- Click on Configure.
- Go to authentication again, and under the web section, click Add URI.
- Add the following URIs:
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-database (already added as the first URI, please verify it)
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-key-vault
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-waf
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-subscriptions
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-virtual-network
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-firewall
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-storage
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-virtual-machines
- https://api.scytale.ai/integrations/microsoft-graph/callback/microsoft-document-db
Step 2: Create a new client secret for the app
- Go to App registrations.
- Select the application you created in step 1.
- Go to "Certificates & secrets".
- Click on New client secret.
-
Description - Expires - we recommend selecting 24 months (we cannot collect data after the key expires).
-
Click on Add.
- Click on the copy sign on the Value column (you'll use it for Scytale connection).
Step 3: Create a custom role in the subscriptions
- Go to subscriptions.
- Copy the relevant subscription ID (you'll need to paste it into the scytale integration connection).
- Click on the relevant subscription.
- Navigate in the subscription menu to 'Access control (IAM)'.
- Select +Add and select the 'Add custom role' option.
- Under the basics tab, choose a name for the 'Custom role name'.
- Click on 'Next'.
- Go to the JSON tab and click on 'Edit'.
- Paste the following JSON snippet in the "permissions" key:
"permissions": [
{
"actions": [
"Microsoft.Network/*/read",
"Microsoft.ClassicNetwork/*/Read",
"Microsoft.Compute/*/Read",
"Microsoft.Insights/*/Read",
"Microsoft.Storage/*/read",
"Microsoft.Sql/*/read",
"Microsoft.Resources/*/read",
"Microsoft.KeyVault/*/read",
"Microsoft.DocumentDB/*/read",
"Microsoft.DBforPostgreSQL/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.KeyVault/*/read"
],
"notDataActions": []
}
] - Click on 'Save', then 'Review + create', and then 'Create'.
Step 4: Create a role assignment
- Return again in the subscription menu to 'Access control (IAM)'.
- Select +Add and select the 'Add role assignment' option.
- In the role tab, search for the custom role you created in step 3.
- Click on the role and then select 'Next'.
- In the members tab, on the Members section, click on '+select members'.
- Search the application name you created in step 1 and click on it.
- Click on 'Select'.
- Click on 'Review + assign'.
Step 5: Log in to the Scytale web app
- Click on the "Integrations" menu screen to the left.
- Click on "Connect" to the following Azure integrations
💡You can use the same credentials to connect all or part of the following integrations- Azure SQL Databases
- Azure Storage Accounts
- Azure Virtual Machines
- Azure Firewall
- Azure Subscriptions
- Azure Virtual Network
- Azure Web Application Firewall
- Azure Cosmos DB
- Paste the following details into the connection screen of each integration:
- Application ID - (from step 1 above)
- Secret Value - (from step 2 above)
- Directory ID - (from step 1 above)
- Subscription ID - (from step 3 above)
- Connection Name - is used to differentiate between your connections.
For instance, if you manage multiple accounts or would like to connect multiple times to the integration. It's automatically titled (Connection 1,2,3 etc), but you can change it to a custom name to make it easier to identify.
For example: scytale-production-env.
Click on Connect - Click Connect to complete the integration process within the tool.
- To approve the application's permissions, you will be redirected to a Microsoft page.
Congrats, you are done! 🎉