Skip to main content

Onboarding Illumio Insights from the Azure Marketplace

  • Onboarding Illumio Insights from the Azure Marketplace
  • Onboarding Illumio Insights from Azure Marketplace

Onboarding Illumio Insights from Azure Marketplace

Here's a summary of your onboarding journey from start to finish. 

Insights_Onboarding_Map_Final.pdf

Onboarding Illumio Insights

Step 1: Subscribe on Azure Marketplace

Details

Step_One.png

  1. Within Azure Marketplace, navigate to the Illumio Insights Free Trial registration page and click Subscribe.

  2. On the Subscribe to Illumio Insights page, under Project details, click the Create new link under the Resource group field to create a new resource group. A resource group is a container that holds related resources for an Azure solution.

  3. Under SaaS details, enter a name for your Illumio Insights instance.

  4. Click Review & Subscribe.

  5. On the Subscription progress page, you'll see your subscription is in progress.

    Your subscription will be complete after your Insights purchase has been verified by Microsoft Azure.

Step 2: Configure Your Account

Details

Step_Two.png

  1. Click Configure account now.

    Note

    You will be redirected from the Microsoft Azure portal to the Illumio UI. Illumio creates an Illumio tenant for you and validates your subscription with Microsoft Azure. After the tenant has been successfully created, the Account Configured Successfully pane displays.

    Note

    If you opt to skip the setup steps, you can log into Illumio and complete the setup later.

  2. In the Account Configured Successfully pane, click Continue, and then click Log in with Azure to connect your Azure cloud.

  3. Sign into your Azure account with your Azure credentials.

    If you have an SSO connected with your Azure account, you will be directed to that SSO page for authentication. If you opt to skip steps, you can log into Illumio Console and complete the steps later.

  4. On the Permissions Requested pane, check Consent on behalf of your organization and click Accept. This allows the Illumio application's Service Principal to gain just-in-time access privileges as the user who is logging in.

    This table lists the delegated application permissions that will be granted to Illumio:

    API Name

    Claim Value

    Permission

    Azure Resource Manager

    user_impersonation

    Access Azure Resource Manager as organization users

    Microsoft Graph

    offline_access

    Maintain access to data you have given Illumio access to

    Microsoft Graph

    openid

    Sign users in

    Microsoft Graph

    profile

    View a user's basic profile

    Microsoft Graph

    User.Read

    Sign in and read a user profile

Step 3: Scope a Tenant or Subscription

Details

Step_3.png

  1. In the Finish Your Azure integration pane, under Integration Scope, select a tenant or subscription to onboard.

  2. You can select multiple subscriptions from the Subscriptions drop-down list.

Step 4: Enable VNET Flow Logs

Details

Step_Four.png

  1. Enable VNET Flow Logs.

    This allows the Illumio application to create flow logs for VNETs in selected subscriptions and tenants that don't have flow logs configured.

  2. Select Read or Write permissions. 

    1. Read: Allows the Illumio application to view all resources but it cannot make any changes.

    2. Write: Allows the Illumio application to make changes to NSGs and firewalls according to the policies.

    The following table lists the delegated app permissions that will be granted to Illumio Console:

  3. (Optional): Configure tags and centralize flow storage. Click View More Settings (Optional) in the Enable VNET Flow Logs pane.

    Add Tags 

  4. Configure tags for new flow logs and storage accounts. Adding tags helps you meet compliance requirements and enhances search for new resources. To add a tag, click + Add Tag, enter values in the Tag Key and Tag Value fields and click Apply Changes. You can create multiple tags for resources.

    See Use tags to organize your Azure resources and management hierarchy.

  5. Centralize Flow Logs .

    By default, each subscription creates a storage account for its flow logs. You can consolidate all flow logs into one storage account.

  6. To centralize flow logs, click the Centralize Flow Logs tab, select the subscription where you want to centralize your flow logs, and click Apply Changes.

  7. Click Confirm and Continue.

This table describes the roles that will be created for your Azure tenant when you grant read and write permissions to Illumio Console:

Permission Type

Permission Name

Notes

Read

Reader-role (Azure-owned role)

This role gives Illumio Cloud permission to read data or resources from your subscription or tenant. This role allows the viewing of all resources but it does not allow modification.

Write

Illumio Network Security Administration (Illumio-created custom role)

Illumio Firewall Administrator (Illumio-created custom role)

Allows Illumio to manage Network Security Groups and Azure Firewalls in your Azure environment.

Flow

Storage blob data reader

Allows Illumio to read the contents of storage accounts in your Azure environment.

For more information about permissions, see Permissions for Azure Cloud.

Step 5: Explore Insights

Details

Step_Five.png

  1. Create a passkey.

  2. Log into Illumio Console with the passkey you created to explore Illumio Insights.

  3. After you have logged in to Illumio Console, click Onboarding to view the subscriptions or tenants you have onboarded.

Invite Users

After you log into Illumio Console, add your administrator so that they can onboard Illumio Insights.

  1. To invite your admin or other users to use Illumio Insights, navigate to Users and click Add.

  2. Enter the user's details.

    The user will automatically receive an email from Illumio to onboard to Illumio Insights.

  3. Follow the steps listed in Easy Onboarding, next.

Easy Onboarding from Illumio Console when using Azure Marketplace

If you skipped any part of the onboarding process before you logged into Illumio Console from Azure Marketplace or if you want to onboard additional subscriptions or tenants, follow these steps.

  1. Navigate to the Onboarding page.

  2. Click Add Azure.

  3. Select the Easy Onboarding option, a guided setup with automated processes.

  4. Follow the steps in Onboarding Illumio Insights from Azure Marketplace.

    Note

    While you can onboard multiple tenants, you can do so only one tenant at a time. You must configure your default tenant in Azure. See Configure your Azure tenant.