This repository has been archived by the owner on Oct 31, 2019. It is now read-only.

update authentication instructions #100

Merged
merged 1 commit into from
Sep 27, 2017
51 changes: 29 additions & 22 deletions vignettes/Authentication.Rmd
Expand Up @@ -16,46 +16,53 @@ To use the `AzureSMR` package, you must create an Azure Active Directory applica
You must collect three pieces of information to authenticate with the `createAzureContect()` function:

* tenant ID (`tenantID`)
* client ID (`clientID`)
* application ID, previously known as client ID (`clientID`)
* authentication key (`authKey`)

## Create an Active Directory application.

1. Login to the Classic (the old) Portal https://manage.windowsazure.com/.
1. Login to the [Azure Portal](https://portal.azure.com).

2. On the left hand menu you should see amongst all the items one called `ACTIVE DIRECTORY`. Click the item and an active directory DIRECTORY will be listed.
1. On the left side of the screen, there should be a list of the different things you can create in Azure. Click on "Azure Active Directory".

3. Click on an entry under the Name column (if there is only one entry the choice is easy!) to take you to a page of options to get started with some text like I WANT TO.
1. The AAD blade should appear. Under "Manage", click on "App registrations".

4. Along the top menu click `APPLICATIONS`.
1. Along the top menu, click "New application registration".

5. You probably want to create a new application so type a name for it in the Search box (I called mine `AzureSMR`). The search result will come back with no results and a button that says `ADD AN APPLICATION` -> which you should click.
1. In the Create blade, enter the details for your new application. The name should be unique, and the "application type must be Web app/API". It doesn't matter what sign-on URL you provide (it won't be used), but it must be a valid URL.

6. Give the application a name and choose `WEB APPLICATION AND/OR WEB API`. Then go to the next page `->`.
1. Click on "Create". After a few seconds, a new blade will appear containing a list of all registered AAD applications.

7. Provide some dummy URLs. They are not used but they must be valid URLs. Click on the tick to continue to create the application.
1. First, get your tenant ID from this screen. Click on "Endpoints" at the top of the blade. This will popup a new blade giving several URLs for accessing the client.

8. Under the Configure menu button take note of the **client ID**.
1. Choose one of these (it doesn't matter which one) and click the button on the side to copy the URL to the clipboard.

9. Under the `Keys` section choose a 1 year duration (or 2) and click the Save button at the bottom of the screen. An **authenticatio key** is generated which you should copy now and save it somewhere.
1. Paste the URL into Notepad or another text editor. It will contain a sequence of hex digits in the middle, which is your **tenant ID**.

10. You also need the **tenant ID**. Click the `VIEW ENDPOINTS` button on the bottom of the screen and find a list of endpoints all including the tenant ID as a sequence of hexadecimals.
1. Return to the list of apps by closing the Endpoints blade. Find your app by entering the name you chose into the search box.

11. Now set up the applications permissions. Click the `Add application` button. In the resulting window scroll to `Windows Azure Service Management API` and select it. Then click the Tick icon.
1. When your app appears in the list, click on it. In the details, note the **application ID**.

12. Under the resulting "permissions to other applications" section, for the Windows Azure Service Management API entry, from the `Delegated Permissions` drop down tick the Access Azure Service Management as organization.
1. The Settings blade for your app should also be on the screen. Click on the "Keys" entry.

13. Click on the Save icon at the bottom of the window again.
1. You will need to create a new **authentication key**. Enter a name for it, choose a 1 year duration (or 2) and click "Save" at the top of the blade. When the key is generated, copy it and save it somewhere. _You won't be able to see it again, so make sure you copy it now._

1. Return to your app settings by closing the Keys blade. Click the "Required permissions" entry.

1. In the permissions blade, click "Add". Click on "Select an API" and choose "Windows Azure Service Management API". Then click Select at the bottom of the blade.

1. This should bring up the Enable Access blade. Check the tick box next to "Delegated permissions" and click Select at the bottom of the blade.

1. Click Done at the bottom of the permissions blade.

14. Now assign the application a role and to do so you go to the (new) Azure portal. https://portal.azure.com/

## Access control

You can apply access control at either the resource group level or the subscription level

### To apply access control at Resource Group

15. Click on Resource Groups menu item on the left in the portal.
1. Click on Resource Groups menu item on the left in the portal.

16. Identify the resource group you will associate with this application.
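
Review bot: The new authentication key step stops at "copy it and save it somewhere", which invites readers to paste a secret valid for 1 or 2 years into a script or notes file; suggest adding that it should be treated like a password and kept out of source control and shared documents. In the Create blade step the quotation marks are misplaced: `the "application type must be Web app/API"` should read `the application type must be "Web app/API"`. The context line above the bullet list still spells the function `createAzureContect()`, which looks like a typo for `createAzureContext()`, and the resource group list now runs "1." followed by "16.", so both could be tidied in the same change.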

Expand All @@ -70,17 +77,17 @@ You can apply access control at either the resource group level or the subscript

### Alternatively you can access control at Subscription Level

15. Click on Subscriptions on the left menu item in the portal.
1. Click on Subscriptions on the left menu item in the portal.

16. Identify the Subscription you will associate with this application.
1. Identify the Subscription you will associate with this application.

17. Choose the `Access Control (IAM)` menu item.
1. Choose the `Access Control (IAM)` menu item.

18. In the resulting scope click the `+ Add` button.
1. In the resulting scope click the `+ Add` button.

19. Choose the role as Owner and under the user search box enter the name of the App, e.g. `AzureSMR`.
1. Choose the role as Owner and under the user search box enter the name of the App, e.g. `AzureSMR`.

20. Select the resulting list item for that App then click Select in that scope then OK in the "Add access" scope. The user will be added to the list.
2. Select the resulting list item for that App then click Select in that scope then OK in the "Add access" scope. The user will be added to the list.

## Conclusion
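
Review bot: "Choose the role as Owner" at subscription level gives the registered app full control of every resource in the subscription, and Owner also allows it to manage access for others; unless the package needs that, the instructions should recommend a narrower role such as Contributor, or point readers to the resource group scope described above. The last item in this list is numbered "2." while the other renumbered items use "1.", so it should be "1." for consistency.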
