Create a Terraform Illumio Cloud Onboarding Application for Azure

Learn to create an onboarding application for Azure subscriptions using Terraform. Illumio provides a Terraform module to automate Azure application creation and grant the application the necessary permissions for integration with Illumio Cloud. Create the Terraform Azure application before you onboard your Azure subscription using Terraform. See Onboard an Azure Subscription using a Terraform Illumio Cloud Onboarding Application.

Here's an overview of the workflow to onboard Azure subscriptions using Terraform.

Create and Register a Terraform Illumio Onboarding Application
  1. Launch the Microsoft Azure Portal and sign in.

  2. Browse to Microsoft Entra ID (formerly Azure Active Directory) > Properties.

  3. Copy the tenant ID and save it in a text file. You'll need it later when you modify your Terraform script for onboarding Azure.

  4. Browse to App registrations > New registrations.

  5. Enter the name and click Register. Terraform uses this application only to create another application, which provides Illumio Cloud access to your tenant and its subscriptions.

  6. Copy the Application (client) ID and save it in a text file. You'll need it later when you modify your Terraform script for onboarding Azure.

Get your Terraform Illumio Onboarding Application Client Secret
  1. Click Certificate & secrets.

  2. Under Client secrets, click New client secret.

  3. Enter a description, select the recommended expiration, and click Add.

  4. Copy the client secret value and save it in a text file. You'll need it later when you modify your Terraform script for onboarding Azure.

Set Permissions for your Terraform Illumio Onboarding Application
  1. Click API permissions.

  2. Browse to Configured permissions > Add a permission.

  3. Under Commonly used Microsoft APIs, browse to Microsoft Graph > Delegated permissions.

  4. Expand the following:

    • Application: check the box for Application.ReadWrite.All

    • Directory: check the box for Directory.ReadWrite.All

  5. Click API permissions.

  6. Click Grant admin consent for Default Directory for Azure to grant the permission.

Assign Roles and Access for your Terraform Illumio Onboarding Application
  1. Navigate to the subscription, copy the Subscription ID, and save it in a text file. You'll need it later when you modify your Terraform script for onboarding Azure.

  2. Click Access Control (IAM).

  3. Browse to Add > Add a role assignment.

  4. Choose the following field values:

    • Role tab: Privileged administrator roles: Owner

    • Members tab: Assign access to: 'User, group, or service principal'

  5. In the Members tab, click Select Members.

  6. Enter the application name or ID and click Select.

  7. Click Save.

    The application now includes the correct permissions with the correct identifiers and credentials. You will need these identifiers and credentials when you modify your Azure onboarding Terraform script. See Onboard an Azure Subscription using a Terraform Illumio Cloud Onboarding Application.
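
A pre-flight check of the four values collected above (tenant ID, client ID, client secret value, subscription ID), run before Terraform. This is an added example, not Illumio's code; it assumes the values are supplied through the `ARM_TENANT_ID`, `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET` and `ARM_SUBSCRIPTION_ID` environment variables that the azurerm provider reads, and the function names and script name are hypothetical.

```sh
#!/bin/sh
# Added example (not Illumio's code): pre-flight check of the four values
# collected in the portal steps. Assumption: they are set as ARM_* variables.

is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# check_id NAME VALUE: report an unset or malformed identifier.
check_id() {
  if [ -z "$2" ]; then echo "$1 is not set"; return 1; fi
  if ! is_guid "$2"; then echo "$1 is not a GUID"; return 1; fi
  return 0
}

# Prints one line per problem and returns the number of problems found.
check_onboarding_env() {
  problems=0
  check_id ARM_TENANT_ID "${ARM_TENANT_ID:-}" || problems=$((problems + 1))
  check_id ARM_CLIENT_ID "${ARM_CLIENT_ID:-}" || problems=$((problems + 1))
  check_id ARM_SUBSCRIPTION_ID "${ARM_SUBSCRIPTION_ID:-}" || problems=$((problems + 1))

  if [ -z "${ARM_CLIENT_SECRET:-}" ]; then
    echo "ARM_CLIENT_SECRET is not set"; problems=$((problems + 1))
  elif is_guid "$ARM_CLIENT_SECRET"; then
    # The portal lists a GUID "Secret ID" beside the secret "Value";
    # only the Value authenticates.
    echo "ARM_CLIENT_SECRET looks like the Secret ID, not the Value"
    problems=$((problems + 1))
  fi

  # The tenant and the application are different objects with different IDs.
  if [ -n "${ARM_TENANT_ID:-}" ] &&
     [ "${ARM_TENANT_ID:-}" = "${ARM_CLIENT_ID:-}" ]; then
    echo "ARM_TENANT_ID and ARM_CLIENT_ID are identical"
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Run the check only when asked to, e.g.: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
  check_onboarding_env
  exit $?
fi
```
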