From 4a229f91c73b632218bedb681cd6dfd1c06adf74 Mon Sep 17 00:00:00 2001 From: hong-revo Date: Sun, 24 Sep 2017 22:29:21 +1000 Subject: [PATCH] update authentication instructions --- vignettes/Authentication.Rmd | 51 ++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/vignettes/Authentication.Rmd b/vignettes/Authentication.Rmd index 5129784..bd33199 100644 --- a/vignettes/Authentication.Rmd +++ b/vignettes/Authentication.Rmd 
@@ -16,38 +16,45 @@ To use the `AzureSMR` package, you must create an Azure Active Directory applica You must collect three pieces of information to authenticate with the `createAzureContect()` function: * tenant ID (`tenantID`) -* client ID (`clientID`) +* application ID, previously known as client ID (`clientID`) * authentication key (`authKey`) ## Create an Active Directory application. -1. Login to the Classic (the old) Portal https://manage.windowsazure.com/. +1. Login to the [Azure Portal](https://portal.azure.com). -2. On the left hand menu you should see amongst all the items one called `ACTIVE DIRECTORY`. Click the item and an active directory DIRECTORY will be listed. +1. On the left side of the screen, there should be a list of the different things you can create in Azure. Click on "Azure Active Directory". -3. Click on an entry under the Name column (if there is only one entry the choice is easy!) to take you to a page of options to get started with some text like I WANT TO. +1. The AAD blade should appear. Under "Manage", click on "App registrations". -4. Along the top menu click `APPLICATIONS`. +1. Along the top menu, click "New application registration". -5. You probably want to create a new application so type a name for it in the Search box (I called mine `AzureSMR`). The search result will come back with no results and a button that says `ADD AN APPLICATION` -> which you should click. +1. In the Create blade, enter the details for your new application. The name should be unique, and the "application type must be Web app/API". It doesn't matter what sign-on URL you provide (it won't be used), but it must be a valid URL. -6. Give the application a name and choose `WEB APPLICATION AND/OR WEB API`. Then go to the next page `->`. +1. Click on "Create". After a few seconds, a new blade will appear containing a list of all registered AAD applications. -7. Provide some dummy URLs. They are not used but they must be valid URLs. 
Click on the tick to continue to create the application. +1. First, get your tenant ID from this screen. Click on "Endpoints" at the top of the blade. This will popup a new blade giving several URLs for accessing the client. -8. Under the Configure menu button take note of the **client ID**. +1. Choose one of these (it doesn't matter which one) and click the button on the side to copy the URL to the clipboard. -9. Under the `Keys` section choose a 1 year duration (or 2) and click the Save button at the bottom of the screen. An **authenticatio key** is generated which you should copy now and save it somewhere. +1. Paste the URL into Notepad or another text editor. It will contain a sequence of hex digits in the middle, which is your **tenant ID**. -10. You also need the **tenant ID**. Click the `VIEW ENDPOINTS` button on the bottom of the screen and find a list of endpoints all including the tenant ID as a sequence of hexadecimals. +1. Return to the list of apps by closing the Endpoints blade. Find your app by entering the name you chose into the search box. -11. Now set up the applications permissions. Click the `Add application` button. In the resulting window scroll to `Windows Azure Service Management API` and select it. Then click the Tick icon. +1. When your app appears in the list, click on it. In the details, note the **application ID**. -12. Under the resulting "permissions to other applications" section, for the Windows Azure Service Management API entry, from the `Delegated Permissions` drop down tick the Access Azure Service Management as organization. +1. The Settings blade for your app should also be on the screen. Click on the "Keys" entry. -13. Click on the Save icon at the bottom of the window again. +1. You will need to create a new **authentication key**. Enter a name for it, choose a 1 year duration (or 2) and click "Save" at the top of the blade. When the key is generated, copy it and save it somewhere. 
_You won't be able to see it again, so make sure you copy it now._ + +1. Return to your app settings by closing the Keys blade. Click the "Required permissions" entry. + +1. In the permissions blade, click "Add". Click on "Select an API" and choose "Windows Azure Service Management API". Then click Select at the bottom of the blade. + +1. This should bring up the Enable Access blade. Check the tick box next to "Delegated permissions" and click Select at the bottom of the blade. + +1. Click Done at the bottom of the permissions blade. -14. Now assign the application a role and to do so you go to the (new) Azure portal. https://portal.azure.com/ ## Access control @@ -55,7 +62,7 @@ You can apply access control at either the resource group level or the subscript ### To apply access control at Resource Group -15. Click on Resource Groups menu item on the left in the portal. +1. Click on Resource Groups menu item on the left in the portal. 16. Identify the resource group you will associate with this application. 
@@ -70,17 +77,17 @@ You can apply access control at either the resource group level or the subscript ### Alternatively you can access control at Subscription Level -15. Click on Subscriptions on the left menu item in the portal. +1. Click on Subscriptions on the left menu item in the portal. -16. Identify the Subscription you will associate with this application. +1. Identify the Subscription you will associate with this application. -17. Choose the `Access Control (IAM)` menu item. +1. Choose the `Access Control (IAM)` menu item. -18. In the resulting scope click the `+ Add` button. +1. In the resulting scope click the `+ Add` button. -19. Choose the role as Owner and under the user search box enter the name of the App, e.g. `AzureSMR`. +1. Choose the role as Owner and under the user search box enter the name of the App, e.g. `AzureSMR`. -20. Select the resulting list item for that App then click Select in that scope then OK in the "Add access" scope. The user will be added to the list. +2. Select the resulting list item for that App then click Select in that scope then OK in the "Add access" scope. The user will be added to the list. ## Conclusion
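Review bot: In the first hunk (@@ -16,38 +16,45 @@), the new authentication-key step tells the reader to "copy it and save it somewhere" without saying where a credential like this should live. Suggest adding a sentence that the key belongs in a password manager or other secret store and should not be pasted into scripts or committed to source control. In the same hunk, the quotation marks in `the "application type must be Web app/API"` wrap the whole clause and should enclose only "Web app/API". The unchanged context line still reads `createAzureContect()`, which looks like a typo for `createAzureContext()` and could be fixed while this file is being edited.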
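Review bot: In the second hunk (@@ -55,7 +62,7 @@), only the first step of the Resource Group list is renumbered to `1.`, while the next context line still starts with `16.`. The remaining steps in that section should be renumbered in the same patch so the list matches the Subscription section, which this patch converts in full.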
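Review bot: In the third hunk (@@ -70,17 +77,17 @@), the last step is renumbered to `2.` while every other step in the list uses `1.`; make it `1.` for consistency. Separately, the step `Choose the role as Owner` gives the application full control of the whole subscription, including the ability to assign roles to others. The text could say that Owner is the broadest choice and point readers to the Resource Group option above, or to a narrower role, when the application does not need subscription-wide rights.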