Link Azure Subscription Using Managed Identities
Starting with v6.6, Nerdio Manager allows you to link Azure subscriptions using Managed Identities in addition to App Registrations.
Note: You must assign the necessary permissions to the Managed Identity (MI). These are the same permissions required when you link your subscription using an App Registration. See Link Azure Subscription Using App Credentials for permission details.
Create a User Assigned Managed Identity
If you have an existing Managed Identity, it can be used. However, it is recommended that you use a Managed Identity dedicated to Nerdio Manager to prevent over-permissioning.
To create a user assigned Managed Identity:
In the Azure portal, navigate to Managed Identities.
Select + Create.
Enter the following information:
Subscription: From the drop-down list, select the subscription.
Resource group: From the drop-down list, select the resource group. Alternatively, select Create new to create a new resource group.
Region: From the drop-down list, select the Azure region.
Note: Managed Identities may be used from any Azure region, and their availability depends on the availability of Microsoft Entra ID.
Name: Type the name of your user assigned Managed Identity.
Once you have entered all the desired information, select Review + create.
Review your settings and then select Create.
Assign the Managed Identity to the App Service
You must assign a Managed Identity to the Nerdio Manager app service.
Note: If you have DR configured, be sure to assign the Managed Identity to all the app services.
To assign the Managed Identity to the app service:
In the Azure portal, navigate to App Services.
Select the Nerdio Manager app service, which starts with nmw-app-.
In the Settings blade, select Identity.
Select the User assigned tab.
Select + Add to assign the existing Managed Identity to the app service.
Search for and select the Managed Identity to use and then select Add.
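The following added example (not Nerdio's own code) checks two points made above: that every app service whose name starts with nmw-app- carries the Managed Identity, including DR instances, and that no unrelated app service shares it. It assumes input shaped like the output of `az webapp list -o json`; the identity name, subscription ID and app names are constructed placeholders.

```python
import json

# Constructed sample shaped like `az webapp list -o json`, trimmed to the fields used.
# Subscription ID, resource group, identity and app names are placeholders.
MI_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
         "rg-nerdio/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mi-nerdio")
SAMPLE = json.dumps([
    {"name": "nmw-app-primary",
     "identity": {"type": "UserAssigned", "userAssignedIdentities": {MI_ID: {}}}},
    # DR app service that was missed: it has no identity block at all.
    {"name": "nmw-app-dr", "identity": None},
    # Unrelated app that shares the identity; the ID appears in a different case.
    {"name": "intranet-portal",
     "identity": {"type": "SystemAssigned, UserAssigned",
                  "userAssignedIdentities": {MI_ID.upper(): {}}}},
])


def audit_identity(webapps_json, mi_resource_id, prefix="nmw-app-"):
    """Return (missing, shared).

    missing: app services with the Nerdio prefix that lack the identity.
    shared:  app services without the prefix that also carry it.
    """
    wanted = mi_resource_id.lower()  # Azure resource IDs are case-insensitive
    missing, shared = [], []
    for app in json.loads(webapps_json):
        identity = app.get("identity") or {}
        assigned = {k.lower() for k in (identity.get("userAssignedIdentities") or {})}
        is_nerdio = app["name"].lower().startswith(prefix)
        if is_nerdio and wanted not in assigned:
            missing.append(app["name"])
        elif not is_nerdio and wanted in assigned:
            shared.append(app["name"])
    return sorted(missing), sorted(shared)


if __name__ == "__main__":
    missing, shared = audit_identity(SAMPLE, MI_ID)
    print("Nerdio app services without the identity:", missing)
    print("Other app services sharing the identity:", shared)
```

An empty result for both lists means the identity is assigned everywhere it is needed and is dedicated to Nerdio Manager as far as app services are concerned.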
Link the Azure Subscription using Managed Identity
Once the Managed Identity is linked to the Nerdio Manager app service, you can link the Azure subscription using the Managed Identity.
To link the Azure subscription using Managed Identity:
In Nerdio Manager, navigate to Settings > Azure environment.
In the Azure subscriptions tile, select Link using app credentials.
Enter the following information:
Tenant ID: Provide the Entra ID tenant/directory ID.
Subscription ID: Provide the Azure subscription ID of the subscription being linked.
Select app identity: From the drop-down list, select the client app registration.
Identity Type: From the drop-down list, select Managed identity.
App ID: Provide the client app ID of the service principal with access to the subscription being linked.
Once you have entered the desired information, select OK.