Use the ManagedIdentity Credential for the Illumio Sentinel Solution

Illumio now provides an alternate way of managing your identity using the Monitoring Metrics Publisher role.

Note

  • Perform the following steps only if you have already deployed the Illumio Sentinel Solution. These procedures do not apply to new Illumio Sentinel Solution deployments.

  • You must upgrade your function app before you perform the following steps.

Enable a System-Assigned Managed Identity

  1. Navigate to Azure Portal > Function Apps.

  2. Select Settings > Identity from the left navigation pane.

  3. On the System assigned tab, set the Status to On, click Save, and click Yes to confirm.

  4. Copy the Object (Principal) ID.

Assign the Monitoring Metrics Publisher Role to the Managed Identity

  1. Navigate to Azure Portal > Data Collection Rules.

  2. Select your Data Collection Rule (such as intg-dcr-illumio).

  3. In the left navigation pane, select Access control (IAM).

  4. Click Add > Add role assignment.

  5. Configure the role assignment with the following values:

    Field              Value
    Role               Monitoring Metrics Publisher
    Assign access to   Managed identity
    Members            Select your function app's managed identity.

  6. Click Review + assign.

  7. Wait 5 to 10 minutes for the function app to register the new role.
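After the role has registered, it is worth confirming that the managed identity holds Monitoring Metrics Publisher on the Data Collection Rule itself and not on a wider scope. The check below is an added example, not part of the Illumio solution. It assumes role assignments exported as JSON with `az role assignment list --assignee <object-id> --all -o json`; the IDs and the resource group name in the sample are constructed placeholders.

```python
import json

ROLE = "Monitoring Metrics Publisher"  # role named in the procedure above

# Constructed placeholders: Object (Principal) ID and DCR resource ID.
PRINCIPAL = "00000000-0000-0000-0000-000000000001"
RG = "/subscriptions/00000000-0000-0000-0000-0000000000aa/resourceGroups/rg-sentinel"
DCR = RG + "/providers/Microsoft.Insights/dataCollectionRules/intg-dcr-illumio"

# Constructed sample in the shape of the az CLI role assignment output.
SAMPLE = json.loads(json.dumps([
    {"principalId": PRINCIPAL, "principalType": "ServicePrincipal",
     "roleDefinitionName": ROLE, "scope": DCR},
    {"principalId": PRINCIPAL, "principalType": "ServicePrincipal",
     "roleDefinitionName": ROLE, "scope": RG},          # wider than needed
    {"principalId": "00000000-0000-0000-0000-000000000002",
     "principalType": "User", "roleDefinitionName": "Reader", "scope": RG},
]))

def audit_role_scope(assignments, principal_id, dcr_id):
    """Return (ok, findings) for the identity's Monitoring Metrics Publisher grants.

    ok is True only when the role is assigned on the DCR and nowhere else.
    Azure resource IDs are case-insensitive, so scopes are compared lowercased.
    """
    dcr = dcr_id.rstrip("/").lower()
    findings, at_dcr = [], False
    for a in assignments:
        if a.get("principalId", "").lower() != principal_id.lower():
            continue                      # another principal's assignment
        if a.get("roleDefinitionName") != ROLE:
            continue                      # a different role; out of scope here
        scope = a.get("scope", "").rstrip("/").lower()
        if scope == dcr:
            at_dcr = True
        elif dcr.startswith(scope + "/"):
            findings.append(f"broader than DCR: {a['scope']}")
        else:
            findings.append(f"unrelated scope: {a['scope']}")
    if not at_dcr:
        findings.insert(0, "role not assigned on the Data Collection Rule")
    return at_dcr and not findings, findings

if __name__ == "__main__":
    ok, findings = audit_role_scope(SAMPLE, PRINCIPAL, DCR)
    print("OK" if ok else "REVIEW", findings)
```

A "broader than DCR" finding means the identity can publish to every Data Collection Rule under that scope, which is more access than the procedure above grants.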

When you deploy the Illumio Sentinel Solution:

  • The function app deploys with a system-assigned managed identity.

  • The ARM template automatically assigns the Monitoring Metrics Publisher role to the managed identity on the Data Collection Rule.

  • You do not have to manually register the app or manage the client secret.