Create a Microsoft Azure Application Registration machine

Creating this machine enables Certificate Manager - SaaS to connect to a Microsoft Azure Application Registration and discover the certificates configured as application credentials.

Before you begin

Note

To create a Microsoft Azure Application Registration machine, you must have one of the following roles:

  • System Administrator
  • PKI Administrator
  • Platform Administrator
  • Resource Owner (for connectors owned by your team)

You will need the following information to complete this procedure:

  • Tenant ID
  • Client ID
  • Client secret
  • Credentials: Choose between user credentials or shared credentials.
    • User credentials: The account you use must have administrative permissions.
    • Shared credentials: Optionally, you can use shared credentials from your credential provider (CyberArk is the only credential provider currently supported by Certificate Manager - SaaS). To use this option, first set up the connection to CyberArk.
  • At least one active VSatellite
  • CyberArk permissions for Azure: You must specify these permissions when defining the role's permission policy.

    Note

    The Azure application registration must have sufficient permissions to query application credentials. If the permissions are insufficient, the connection test fails with an “Insufficient privileges to complete the operation” error.

  1. Enter the Tenant ID.

  2. Select a Credential Type.

  3. Enter the Client ID.

  4. Enter the Client Secret.

  5. Click Test Access, then click Continue.
    Continue is available only after a successful test.

    Note

    If Test Access fails:

    • Verify that the client secret value (not the secret ID) is entered.
    • Ensure the Azure Application Registration has sufficient permissions.
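
A pre-flight check for the values entered in steps 1 to 4, as an added example that is not part of the product or its documentation. It assumes the Tenant ID and Client ID are the GUIDs shown in the Azure portal and flags a Client Secret that is GUID-shaped, which is what a secret ID (rather than the secret value) looks like. The helper name `preflight` and all sample values are constructed for illustration.

```python
import re

# Entra ID shows the Directory (tenant) ID, the Application (client) ID and a
# client secret's "Secret ID" as GUIDs; the secret *value* is not GUID-shaped.
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def is_guid(value: str) -> bool:
    return GUID_RE.fullmatch(value) is not None


def preflight(tenant_id: str, client_id: str, client_secret: str) -> list[str]:
    """Return the problems found in the three values (hypothetical helper).

    Messages never include the secret itself, so the result is safe to log.
    """
    problems = []
    fields = {"Tenant ID": tenant_id, "Client ID": client_id,
              "Client Secret": client_secret}
    # Copy-paste from a portal or vault often drags whitespace along.
    for name, value in fields.items():
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
    tenant, client, secret = (v.strip() for v in fields.values())
    if not is_guid(tenant):
        problems.append("Tenant ID: not a GUID")
    if not is_guid(client):
        problems.append("Client ID: not a GUID")
    elif client.lower() == tenant.lower():
        problems.append("Client ID: identical to Tenant ID")
    if not secret:
        problems.append("Client Secret: empty")
    elif is_guid(secret):
        problems.append("Client Secret: looks like the secret ID, not the value")
    return problems


# Constructed sample values, not real identifiers or credentials.
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SECRET_ID = "99999999-8888-7777-6666-555555555555"
SECRET_VALUE = "constructed~Secret.Value_0123456789abcdef"

if __name__ == "__main__":
    for label, secret in (("value", SECRET_VALUE), ("secret ID", SECRET_ID)):
        print(label, "->", preflight(TENANT, CLIENT, secret) or "ok")
```

An empty result only means the values are well-formed; insufficient permissions on the application registration still surface at Test Access.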

What's next?

Refer back to Create a new machine to finish setting up your new machine by configuring discovery schedules.

For existing machines: