Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Create a Service Principal for Azure Virtual WAN


To authenticate to the Azure Virtual WAN APIs that enable automated connectivity, the firewall uses a registered app (service principal) that you must create in Azure. The firewall configuration requires the following information from that registered app:

  • Tenant ID
  • Subscription ID
  • User ID / Application ID / Client ID
  • Key / Client Password

Before You Begin

  • Create a resource group in Microsoft Azure. This resource group must contain your virtual WAN later. Otherwise, the firewall will not have sufficient permissions to authenticate to Azure Virtual WAN APIs that enable automated connectivity.

Step 1. Get the Tenant ID

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Azure Active Directory.
  3. Click Azure Active Directory.
  4. In the left menu of the Azure Active Directory blade, click Properties.
  5. Copy the Directory ID. This is the Tenant ID of your service principal.
    directory_properties.png

Step 2. Create New App Registration

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Azure Active Directory.
  3. Click Azure Active Directory.
  4. In the left menu of the Azure Active Directory blade, click App registrations.
  5. Click New registration.
    app_registrations.png
  6. The Register an application blade opens.
    • Name – Enter a name for the application registration.
    • Supported account types – Select Accounts in this organizational directory only (<your_directory_name> only - Single tenant).
    • Redirect URI (optional) – Select Web from the drop-down menu and enter a random, unique URI. E.g., https://localhost:432
    register_an_app.png
  7. Click Register.

Copy the Application (client) ID. This is the Client ID of your service principal.

app_id.png

Step 3. Create the Service Principal Key

For the app registration, create a service principal key to authenticate.

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Azure Active Directory.
  3. Click Azure Active Directory.
  4. In the left menu of the Azure Active Directory blade, click App registrations.
  5. Click on the registered app created in Step 2. The Registered app blade opens.
  6. Click Certificates & secrets. The Certificates & secrets blade opens.
  7. In the Client secrets section, click New client secret.
    certificate_and_secrets.png
  8. The Add a client secret blade opens.
    • Description – Enter a name for the service principal key.
    • Expires – Select Never expires.
  9. Click Add.
  10. The key is now displayed in the Value column. Click on the copy icon to copy the key to your clipboard. This is your Client Password.

    key.png

    Note that you must copy the key before reloading the page because it is no longer displayed afterwards.

Step 4. Assign the Appropriate Roles to the Registered App

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Resource groups.
  3. Click Resource groups.
  4. Select the resource group that will contain your virtual WAN later.
  5. Click Access control (IAM).
    rg_IAM.png
  6. Click +Add and select Add role assignment from the list.
    rg_iam_add1.png
  7. For Role, select Storage Blob Data Owner from the list.
  8. For Assign access to, select Azure AD user, group, or service principal.
  9. For Select, enter the name of the registered app created in Step 2 (doc-vwan-sp) and click on the corresponding entry of the list.
    service_principal_role_assignement_assign_role_to_service_principal_and_save.png
  10. Click Save to save your configuration.
  11. Repeat steps 6 to 10 of this step to add each of the following roles:
    1. Network Contributor.
    2. Storage Account Key Operator Service Role.
    3. Storage Account Contributor.
  12. Continue with Step 5.

Step 5. Get the Subscription ID

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click Subscriptions.
  3. Copy the Subscription ID in the Subscription ID column.

vwan_sp_06.png
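The portal steps above can also be carried out with the Azure CLI. The script below is an added example and is not Barracuda's code or part of this article; it assumes `az` is installed and `az login` has already been run, and the resource group name, app name and redirect URI are placeholders to adjust. It reproduces Steps 1 to 5 (tenant ID, app registration, client secret, the four role assignments scoped to the resource group, subscription ID) and then shows what the firewall does with the four collected values: an OAuth2 client-credentials token request against the tenant's token endpoint. The `DRY_RUN` switch is a construction of this example so the generated commands can be reviewed without touching Azure.

```shell
#!/bin/sh
# Added example (not Barracuda's code): Azure CLI equivalent of Steps 1-5.
# Assumptions: `az` is installed and logged in; RESOURCE_GROUP, APP_NAME and
# REDIRECT_URI below are placeholders. DRY_RUN=1 (constructed for this example)
# prints each command instead of running it.

RESOURCE_GROUP="${RESOURCE_GROUP:-my-vwan-rg}"          # must later contain the virtual WAN
APP_NAME="${APP_NAME:-doc-vwan-sp}"                     # name used in the page's Step 2
REDIRECT_URI="${REDIRECT_URI:-https://localhost:432}"
DRY_RUN="${DRY_RUN:-0}"

# Roles from Step 4, one per line; scoped to the resource group, not the subscription.
ROLES="Storage Blob Data Owner
Network Contributor
Storage Account Key Operator Service Role
Storage Account Contributor"

# Runs a command, or prints it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Steps 1 and 5: tenant and subscription IDs of the current login.
get_tenant_id()       { run az account show --query tenantId -o tsv; }
get_subscription_id() { run az account show --query id -o tsv; }

# Step 2: single-tenant app registration; prints the Application (client) ID.
create_app() {
    run az ad app create --display-name "$APP_NAME" \
        --sign-in-audience AzureADMyOrg \
        --web-redirect-uris "$REDIRECT_URI" \
        --query appId -o tsv
}

# The portal creates the service principal object implicitly; the CLI needs this call.
create_sp() { run az ad sp create --id "$1"; }

# Step 3: client secret. The CLI requires a finite validity; one year is an
# assumption here (the portal steps on the page choose "Never expires").
# The value is printed exactly once, like the portal's Value column.
create_secret() {
    run az ad app credential reset --id "$1" --years 1 --query password -o tsv
}

# Step 4: one role assignment per role, scoped to the resource group.
assign_roles() {
    app_id="$1"; sub_id="$2"
    scope="/subscriptions/$sub_id/resourceGroups/$RESOURCE_GROUP"
    printf '%s\n' "$ROLES" | while IFS= read -r role; do
        run az role assignment create --assignee "$app_id" \
            --role "$role" --scope "$scope" --query id -o tsv
    done
}

# What the firewall does with Tenant ID, Client ID and Client Password:
# OAuth2 client-credentials grant for the Azure Resource Manager scope.
# A response containing access_token confirms the registration is usable.
get_token() {
    tenant="$1"; client_id="$2"; secret="$3"
    run curl -sS -X POST "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token" \
        -d grant_type=client_credentials -d "client_id=$client_id" \
        -d "client_secret=$secret" -d "scope=https://management.azure.com/.default"
}

main() {
    TENANT_ID=$(get_tenant_id)
    SUBSCRIPTION_ID=$(get_subscription_id)
    CLIENT_ID=$(create_app)
    create_sp "$CLIENT_ID" >/dev/null
    CLIENT_SECRET=$(create_secret "$CLIENT_ID")
    assign_roles "$CLIENT_ID" "$SUBSCRIPTION_ID"
    get_token "$TENANT_ID" "$CLIENT_ID" "$CLIENT_SECRET" | grep -q access_token \
        && echo "ready: tenant=$TENANT_ID client=$CLIENT_ID subscription=$SUBSCRIPTION_ID"
}

# Run the full procedure only when invoked as: sh create_sp.sh run
[ "${1:-}" = run ] && main
```

Preview the commands with `DRY_RUN=1 sh create_sp.sh run` before running them for real. The token check at the end is the same client-credentials exchange the firewall performs, so a failure there points at the app registration or secret, while a later permission error on the virtual WAN points at the role assignments or their scope.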

Next Steps

You can now configure automated connectivity for Azure Virtual WAN.

For more information, see How to Configure Automatic Connectivity to Azure Virtual WAN.