Create a Microsoft Azure Application Registration machine

This feature is in Preview

This feature is currently available as a Preview and is not yet generally available (GA). Functionality and behavior may change before GA.

Creating this machine enables Certificate Manager - SaaS to connect to a Microsoft Azure Application Registration and discover the certificates configured as application credentials.

Before you begin

Note

To create a Microsoft Azure Application Registration machine, you must have one of the following roles:

  • System Administrator
  • PKI Administrator
  • Platform Administrator
  • Resource Owner (for connectors owned by your team)

You will need the following information to complete this procedure:

  • Tenant ID
  • Client ID
  • Client secret
  • Credentials: Choose between user credentials or shared credentials.
    • User credentials: The account you use must have administrative permissions.
    • Shared credentials: Optionally, you can use shared credentials from your credential provider (CyberArk is the only credential provider currently supported by Certificate Manager - SaaS). To use this option, first set up the connection to CyberArk.
  • At least one active VSatellite
  • CyberArk permissions for Azure: You must specify these permissions when defining the role's permission policy.

Before creating the machine in Certificate Manager - SaaS, you must configure the Azure Application Registration with the required permissions:

  1. Create an Application Registration in your Azure portal.

  2. Create a Client Secret for the application registration. This secret will be used for authentication in the Certificate Manager - SaaS connector.

  3. Add the required API permission:

    1. Navigate to API permissions in your application registration.
    2. Click Add a permission > Microsoft Graph > Application permissions.
    3. Add the Application.Read.All permission.
  4. Grant admin consent for the tenant to activate the permission.

    Important

    The Application.Read.All permission is required for Certificate Manager - SaaS to query application credentials. If this permission is not granted, the connection test will fail with an “Insufficient privileges to complete the operation” error.

  1. Enter the Tenant ID.

  2. Select a Credential Type.

  3. Enter the Client ID.

  4. Enter the Client Secret.

  5. Click Test Access, then click Continue.
    Continue is available only after a successful test.

    Note

    If Test Access fails:

    • Verify that the client secret value (not the secret ID) is entered.
    • Ensure the Azure Application Registration has sufficient permissions.
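The following script is an added example (not Certificate Manager - SaaS code) that reproduces the connection test from a workstation: it obtains a client-credentials token for the Application Registration, reads application credentials through the real Microsoft Graph `v1.0/applications` endpoint, and maps the two failures the procedure above describes (a wrong secret value and a missing `Application.Read.All` grant) to the corresponding fix. The environment variable names and the embedded sample response are assumptions made for the example.

```python
"""Check that an app registration can read application credentials via Microsoft Graph.
Added example (not Certificate Manager - SaaS code). Assumes the real Graph v1.0
/applications endpoint and env vars TENANT_ID, CLIENT_ID, CLIENT_SECRET."""
import json, os
import urllib.error, urllib.parse, urllib.request
from datetime import datetime, timezone

GRAPH_URL = ("https://graph.microsoft.com/v1.0/applications"
             "?$select=displayName,keyCredentials,passwordCredentials")
# Constructed sample of one Graph response page, used only for the offline demonstration.
SAMPLE_PAGE = {"value": [{"displayName": "demo-app", "passwordCredentials": [],
                          "keyCredentials": [{"customKeyIdentifier": "ABC",
                                              "endDateTime": "2030-01-01T00:00:00Z"}]}]}
REF_TIME = datetime(2029, 12, 2, tzinfo=timezone.utc)  # fixed clock for the sample

def diagnose(status, body):
    """Map a failed call to the troubleshooting steps in the procedure above."""
    if "invalid_client" in body:
        return "token request rejected: enter the client secret value, not the secret ID"
    if status == 403 and "Insufficient privileges" in body:
        return "Application.Read.All is not granted or lacks admin consent"
    return f"unexpected HTTP {status}: {body[:120]}"

def summarize_key_credentials(page, now=None):
    """Return (app, certificate identifier, days to expiry) per certificate credential."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for app in page.get("value", []):
        for cred in app.get("keyCredentials", []):
            expires = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
            rows.append((app["displayName"], cred.get("customKeyIdentifier"), (expires - now).days))
    return rows

def fetch_applications(tenant, client_id, secret):
    """Client-credentials token, then one page of /applications; returns (page, error)."""
    token_url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({"grant_type": "client_credentials", "client_id": client_id,
                                   "client_secret": secret,
                                   "scope": "https://graph.microsoft.com/.default"}).encode()
    try:
        token = json.load(urllib.request.urlopen(token_url, form))["access_token"]
        req = urllib.request.Request(GRAPH_URL, headers={"Authorization": f"Bearer {token}"})
        return json.load(urllib.request.urlopen(req)), None
    except urllib.error.HTTPError as err:
        return None, diagnose(err.code, err.read().decode())

if __name__ == "__main__":
    page, error = fetch_applications(os.environ["TENANT_ID"], os.environ["CLIENT_ID"],
                                     os.environ["CLIENT_SECRET"])
    print(error or summarize_key_credentials(page))
```

Run it with the same Tenant ID, Client ID and Client Secret you enter in the machine wizard; a 403 with "Insufficient privileges" means the Graph permission was added but admin consent was never granted for the tenant.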

What's next?

Refer back to Create a new machine to finish setting up your new machine by configuring discovery schedules.

For existing machines: