XIA Configuration Administrator's Guide

Follow these steps to enable the Azure tenant tasks to access Microsoft Azure using a service principal with certificate.

For more information see 

https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal

• Ensure that a client certificate and private key that supports client authentication is installed on the machine running the XIA Configuration Client and that the certificate is accessible to the service account.
  
  
  
  
• Export the public key of the client certificate in CER, PEM, or CRT format.
  
  
• Logon to the Azure Portal as a user account with the sufficient permissions.
  
  
• Go to Microsoft Entra ID > App Registrations > New Registration.
  
  
• Enter an appropriate name for the application - for example "XIA Configuration Server".
  
  
• For supported account types select
  Accounts in this organizational directory only
  
  
• Do not specify a Redirect URI.
  
  
• Click Register.
  
  
• Make a note of the following values
  
  Application (client) ID
  Directory (tenant) ID
  
  
• Go to Certificates & secrets > Certificates.
  
  
• Click Upload Certificate.
  
  
• Browse for the certificate and provide a description.
  
  
  
  
• Copy and record the thumbprint.
  
  
  
  
• Go to Azure Active Directory > Roles and Administrators > Global reader.
  
  
  
  
• Click Add assignments and search for and select the service principal and click Add.
  

• Go to Subscriptions and for each subscription select Access Control (IAM).
  
  
• Click Add > Add role assignment and select the Reader role and click Next.
  
  
• Add the service principal to the role.