Azure Credential
Azure Credential instances store Microsoft Azure authentication fields needed to connect to, discover, and monitor Microsoft Azure cloud devices. Optionally, you can also configure this credential type with fields that enable WhatsUp Gold to gather enterprise-wide billing (usage) information.
You can apply the following credential sets to an Azure Credential instance:
Azure Tenant Credential Fields. Tenant credentials provide WhatsUp Gold discovery, monitors, tasks, and so on the ability to interact with and manage your Azure resources. For details on how to populate these fields, see the topic titled Steps needed outside of WhatsUp Gold.
Step 1: Name the credential set
Configure/edit the following fields:
- . Enter a unique name for the credential. This name displays in the Credentials Library.
- . Enter additional information about the credential. This information displays next to the credential in the Credentials Library.
Step 2: Azure tenant credential fields
These fields are needed for discovery and monitoring of tenant-level cloud resources (compute, storage, applications, and so on).
: While this credential identifies the Azure Tenant, permissions associated with the credential are limited in scope according to the resource group and permissions associated with the (API key).
For details on how to get information from Azure in order to populate these fields, see Generate an Application Access Key for WhatsUp Gold...
Before you proceed! This procedure includes steps you or your Azure administrator perform outside of WhatsUp Gold. Progress is not responsible for changes to documentation, online resources, and hosted software that originate from Microsoft Azure or other third-party vendors. The documentation that follows was accurate at the time of this WhatsUp Gold release.
In order for your WhatsUp Gold Azure credential to function correctly, you must:
- Step 1: Create an Active Directory (AD) registered application instance from the Azure Management Portal.
- Step 2: Create a secret key that is associated with the AD-application instance you created.
- Step 3: Grant the AD-application instance permissions to the resource group you want to monitor.
Steps 1 & 2: Create an AD-registered Azure Application and generate an application access ("client") key
This topic shows you how to generate an application access key. This is needed to grant WhatsUp Gold polling and discovery access to Azure. You will need to copy this key and add it to your WhatsUp Gold Azure Credential. The key (along with the Tenant and Client IDs) enable WhatsUp Gold to retrieve monitoring information from your Azure environment.
: If you are creating a new AD Application Role for WhatsUp Gold you will also need to associate this application with the Azure Resource Group that contains the resources that you want to monitor. For more information, see Step 3.
This topic also walks you through steps for finding your Azure Tenant and Client IDs.
- Login to your Azure Account through the Microsoft Azure Management Portal.
- Create an Azure Active Directory application as detailed by Microsoft here.
: When you provide a Name and Application Type, choose .
- Get the Client ID (also known as "application ID") and authentication key as detailed here.
: Once you click the Save button, the key value (password) will be displayed. THIS VALUE IS AVAILABLE ONLY ONCE. Copy down this password.
- Extend required API Access permissions within Azure Management Portal to your application role.
From the Azure Management Portal, go to and select your app from the App Registrations Grid.
: Your Application ID is the Client ID needed for WhatsUp Gold.
- Under , check that the following are needed:
- Windows Azure Active Directory
- Windows Azure Service Management API
First them, and then .
- You can get your Tenant ID as detailed here.
Step 3: Grant the AD Application Role access to the appropriate Azure Resource Group(s)
If you are creating a new AD Application role for WhatsUp Gold you will also need to associate this application with the Azure Resource Group(s) containing the resources that you want to monitor. After this step, you should be able to discover Azure resources from the selected Resource Group.
- Login to your Azure Account through the Microsoft Azure Management Portal.
- Select the appropriate Resource Group from Dashboard. For example:
- From the Resource Group you opened, select .
- From the Access Control (IAM) page, click .
The Add Permissions blade opens.
- From Add Permissions blade, choose the following and click Save.
- Role. Select Reader. (Access level WhatsUp Gold requires when gathering information from your Azure environment.)
- Assign access to. No change needed. (The selection should be: Azure AD user, group or application.)
- Select. Type in the name of the Azure Application role to filter the list. Select your AD application from the filtered results, and click Save. For example:
- From WhatsUp Gold, you can now scan for Azure resources. When you run a discovery scan, include this WhatsUp Gold credential. No IP address or domain name will be needed for the scan, WhatsUp Gold discovery gathers host and resource information from the Azure Management API (using the secret key and AD application ID you created and associated with your resource groups).
- . Enter the tenant ID for your Azure subscription. In the Azure Portal, this is labeled "Directory ID." Your directory ID is used to manage Azure resources and subscriptions.
- . Enter your Microsoft Azure client ID. In Azure, this is also called your "Application ID."
- . Secret application access key needed for authorizing WhatsUp Gold access to Microsoft Azure Resources.
Azure Billing Fields (Optional). This API key/ID pair enable WhatsUp Gold to fetch billing and periodic usage measurements. You must populate these fields if you want to use the Azure Billing Performance Monitor. Your Enterprise Azure administrator has the ability to generate an API key using the Enterprise Azure Management Portal.
These fields are needed for monitoring and reporting related to enterprise-wide Azure billing.
: You need Azure Enterprise Administrator access if you want to generate a new key, but you only need the enrollment number and an API billing key generated by your site's designated Azure Enterprise Administrator to track and report on billing and resources for your subscription. Check with your site's Azure Enterprise Administrator for details.
Steps needed outside of WhatsUp Gold for this credential to work
Before you proceed! This procedure includes steps you or your Azure administrator perform outside of WhatsUp Gold. Progress is not responsible for changes to documentation, online resources, and hosted software that originate from Microsoft Azure or other third-party vendors. The documentation that follows was accurate at the time of this WhatsUp Gold release.
In order for your WhatsUp Gold Azure credential to function correctly, you must:
- Step 1: Create an Active Directory (AD) registered application instance from the Azure Management Portal.
- Step 2: Create a secret key that is associated with the AD-application instance you created.
- Step 3: Grant the AD-application instance permissions to the resource group you want to monitor.
Steps 1 & 2: Create an AD-registered Azure Application and generate an application access ("client") key
This topic shows you how to generate an application access key. This is needed to grant WhatsUp Gold polling and discovery access to Azure. You will need to copy this key and add it to your WhatsUp Gold Azure Credential. The key (along with the Tenant and Client IDs) enable WhatsUp Gold to retrieve monitoring information from your Azure environment.
: If you are creating a new AD Application Role for WhatsUp Gold you will also need to associate this application with the Azure Resource Group that contains the resources that you want to monitor. For more information, see Step 3.
This topic also walks you through steps for finding your Azure Tenant and Client IDs.
- Login to your Azure Account through the Microsoft Azure Management Portal.
- Create an Azure Active Directory application as detailed by Microsoft here.
: When you provide a Name and Application Type, choose .
- Get the Client ID (also known as "application ID") and authentication key as detailed here.
: Once you click the Save button, the key value (password) will be displayed. THIS VALUE IS AVAILABLE ONLY ONCE. Copy down this password.
- Extend required API Access permissions within Azure Management Portal to your application role.
From the Azure Management Portal, go to and select your app from the App Registrations Grid.
: Your Application ID is the Client ID needed for WhatsUp Gold.
- Under , check that the following are needed:
- Windows Azure Active Directory
- Windows Azure Service Management API
First them, and then .
- You can get your Tenant ID as detailed here.
Step 3: Grant the AD Application Role access to the appropriate Azure Resource Group(s)
If you are creating a new AD Application role for WhatsUp Gold you will also need to associate this application with the Azure Resource Group(s) containing the resources that you want to monitor. After this step, you should be able to discover Azure resources from the selected Resource Group.
- Login to your Azure Account through the Microsoft Azure Management Portal.
- Select the appropriate Resource Group from Dashboard. For example:
- From the Resource Group you opened, select .
- From the Access Control (IAM) page, click .
The Add Permissions blade opens.
- From Add Permissions blade, choose the following and click Save.
- Role. Select Reader. (Access level WhatsUp Gold requires when gathering information from your Azure environment.)
- Assign access to. No change needed. (The selection should be: Azure AD user, group or application.)
- Select. Type in the name of the Azure Application role to filter the list. Select your AD application from the filtered results, and click Save. For example:
From WhatsUp Gold, you can now scan for Azure resources. When you run a discovery scan, include this WhatsUp Gold credential. No IP address or domain name will be needed for the scan, WhatsUp Gold discovery gathers host and resource information from the Azure Management API (using the secret key and AD application ID you created and associated with your resource groups).