To integrate your Microsoft Azure subscription with Obok, you will need to create a Service Principal with the necessary permissions.
Prerequisites:
- Required Role: You must have the Owner or User Access Administrator role on the Azure subscription you wish to integrate. These permissions are necessary to create a Service Principal and assign it the required Reader role.
Setup Steps:
- Open Azure Cloud Shell: Access the Azure Cloud Shell from the Azure portal (https://portal.azure.com/). You can choose either Bash or PowerShell.
- Run the Command: Execute the following command in the Azure Cloud Shell. Replace SUBSCRIPTIONID with the actual ID of the Azure subscription you want to integrate with Obok.

  ```bash
  az ad sp create-for-rbac --name Hypercube --role Reader --scopes /subscriptions/SUBSCRIPTIONID
  ```

  This command will:
  - Create a new Azure Active Directory service principal named Hypercube.
  - Assign the built-in Reader role to this service principal. The Reader role grants view-only access to all resources within the specified subscription, which is necessary for Obok to assess your security posture.
  - Scope this role assignment to the specified SUBSCRIPTIONID.
- Copy the Output: After the command executes successfully, it will output a JSON object containing the credentials for the service principal. Copy this entire output immediately and store it securely. It will look similar to this:

  ```json
  {
    "appId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
    "displayName": "Hypercube",
    "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "tenant": "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY"
  }
  ```
Final Step: Provide Information to Obok
You will need to provide the following credentials, obtained from the output in the previous step, to Obok:
- Application (Client) ID (this is the appId from the output)
- Client Secret (this is the password from the output)
- Tenant ID (this is the tenant from the output)
- Subscription ID (this is the SUBSCRIPTIONID you used in the command)
Please input the Application (Client) ID, Client Secret, Tenant ID, and Subscription ID into the Obok platform when adding your Azure integration. Treat the Client Secret like a password and ensure it is transmitted and stored securely if you need to send it via our support panel.
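Before handing the credentials over, it is worth confirming that the service principal holds nothing beyond Reader on the one subscription. The following is an added example, not part of Obok's documentation or tooling: it maps the `create-for-rbac` output to the four fields above and audits the JSON produced by `az role assignment list --assignee <appId> --all -o json`. The function names and all sample values are constructed for illustration.

```python
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

# Constructed sample values, not real identifiers or secrets.
SUB_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_SP = json.dumps({
    "appId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "displayName": "Hypercube",
    "password": "constructed-placeholder-secret",
    "tenant": "99999999-8888-7777-6666-555555555555",
})
SAMPLE_ASSIGNMENTS = json.dumps([
    {"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB_ID}"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB_ID}/resourceGroups/rg-demo"},
])


def integration_fields(sp_json, subscription_id):
    """Map the create-for-rbac output to the four values listed above."""
    sp = json.loads(sp_json)
    fields = {
        "client_id": sp.get("appId", ""),
        "client_secret": sp.get("password", ""),
        "tenant_id": sp.get("tenant", ""),
        "subscription_id": subscription_id,
    }
    for name in ("client_id", "tenant_id", "subscription_id"):
        if not GUID.match(fields[name]):
            raise ValueError(f"{name} is not a GUID")
    if not fields["client_secret"]:
        raise ValueError("client_secret is empty")
    return fields


def audit_assignments(assignments_json, subscription_id):
    """Return a finding for anything other than Reader at the subscription scope."""
    expected = f"/subscriptions/{subscription_id}".lower()
    rows = json.loads(assignments_json)
    findings = [] if rows else ["no role assignments found"]
    for row in rows:
        role, scope = row.get("roleDefinitionName"), row.get("scope", "")
        if role != "Reader":
            findings.append(f"unexpected role {role} at {scope}")
        elif scope.lower().rstrip("/") != expected:
            findings.append(f"Reader assigned at unexpected scope {scope}")
    return findings
```

An empty findings list means the principal has exactly the Reader assignment this guide creates; any finding should be resolved before the credentials are shared.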