Barracuda CloudGen Firewall

How to Create a Service Principal for Azure Virtual WAN

For the firewall to authenticate to the Azure Virtual WAN APIs that enable automated connectivity, a registered app must be created. The registered app requires the following information:

  • Tenant ID
  • Subscription ID
  • User ID / Application ID
  • Key

Step 1. Get the Tenant ID

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Azure Active Directory.
  3. Click Azure Active Directory.
  4. In the left menu of the Azure Active Directory blade, click Properties.
  5. Copy the Directory ID. This is the tenant ID of your service principal.

Step 2. Create New App Registration

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Azure Active Directory.
  3. Click Azure Active Directory.
  4. In the left menu of the Azure Active Directory blade, click App registrations.  
  5. Click New registration.
  6. The Register an application blade opens.
    • Name – Enter a name for the application registration.
    • Supported account types – Select Accounts in this organizational directory only (<your_directory_name> only - Single tenant).
    • Redirect URI (optional) – Select Web from the drop-down menu and enter a random, unique URI. E.g., https://localhost:432
  7. Click Register.

Copy the Application (client) ID. This is the user ID for your service principal.

Step 3. Create the Service Principal Key

For the app registration, create a service principal key to authenticate.  

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All services and search for Azure Active Directory.
  3. Click Azure Active Directory.
  4. In the left menu of the Azure Active Directory blade, click App registrations.
  5. Click on the registered app created in Step 2. The Registered app blade opens.
  6. Click Certificates & secrets. The Certificates & secrets blade opens.
  7. In the Client secrets section, click New client secret.
  8. The Add a client secret blade opens.
    • Description – Enter a name for the service principal key.
    • Expires – Select Never expires.
  9. Click Add.
  10. The key is now displayed in the Value column. Click on the copy icon to copy the key to your clipboard.

    Note that you must copy the key before reloading the page because it is no longer displayed afterwards.

Step 4. Assign the Appropriate Roles to the Registered App

  1. Log into the Azure portal: https://portal.azure.com   
  2. In the left menu, click All services and search for Subscriptions.
  3. Click Subscriptions.
  4. Select the required entry with the Subscription ID from the list of subscriptions.  
  5. Click Access control (IAM).
  6. Click +Add and select Add role assignment from the list.
  7. For Role, select Storage Blob Data Owner from the list.
  8. For Assign access to, select the service principal.
  9. Select the registered app created in Step 2 (in this example, doc-vwan-sp).
  10. Click Save to save your configuration.
  11. Repeat Step 4 and add the following roles:
    1. Network Contributor.
    2. Storage Account Key Operator Service Role.
    3. Storage Account Contributor.
  12. Continue with Step 5.

Step 5. Get the Subscription ID

  1. Log into the Azure portal: https://portal.azure.com    
  2. In the left menu, click Subscriptions.  
  3. Copy the Subscription ID in the Subscription ID column.
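
To check the result of Steps 3 and 4, the following added example (not Barracuda's code) audits the service principal's role assignments against the four roles listed above and classifies its client secrets by expiry. It assumes input shaped like the JSON returned by `az role assignment list --assignee <application-id> --all` and `az ad app credential list --id <application-id>`; the sample data, placeholder IDs, and the 30-day and 730-day thresholds are constructed for illustration.

```python
from datetime import datetime, timezone

# Roles assigned to the registered app in Step 4 of this page.
REQUIRED_ROLES = {"Storage Blob Data Owner", "Network Contributor",
                  "Storage Account Key Operator Service Role",
                  "Storage Account Contributor"}

def audit_roles(assignments, subscription_id):
    """Return (missing, unexpected) relative to the Step 4 role set."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    at_sub = {a["roleDefinitionName"] for a in assignments
              if a["scope"].lower() == sub_scope}
    missing = sorted(REQUIRED_ROLES - at_sub)
    # Anything outside the documented set is extra privilege to review.
    unexpected = sorted((a["roleDefinitionName"], a["scope"])
                        for a in assignments
                        if a["roleDefinitionName"] not in REQUIRED_ROLES)
    return missing, unexpected

def audit_secrets(credentials, now, warn_days=30, long_lived_days=730):
    """Label each client secret: expired, expiring, long-lived or ok."""
    findings = {}
    for cred in credentials:
        # Keep only the seconds part so fractional timestamps also parse.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days_left = (end.replace(tzinfo=timezone.utc) - now).days
        if days_left < 0:
            status = "expired"
        elif days_left <= warn_days:
            status = "expiring"
        elif days_left > long_lived_days:
            status = "long-lived"  # no automatic expiry soon: rotate by hand
        else:
            status = "ok"
        findings[cred["displayName"]] = status
    return findings

# Constructed sample data with placeholder IDs (not real tenant values).
SUB = "00000000-0000-0000-0000-000000000000"
ASSIGNMENTS = [
    {"roleDefinitionName": "Storage Blob Data Owner", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Network Contributor", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Storage Account Key Operator Service Role", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Owner", "scope": f"/subscriptions/{SUB}/resourceGroups/rg-example"},
]
CREDENTIALS = [{"displayName": "vwan-key", "endDateTime": "2299-12-31T00:00:00Z"},
               {"displayName": "old-key", "endDateTime": "2024-01-10T08:30:00.1234567Z"}]
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(audit_roles(ASSIGNMENTS, SUB))
    print(audit_secrets(CREDENTIALS, NOW))
```

A secret reported as long-lived, such as one created with Never expires in Step 3, has no expiry to force rotation, so record it in your secret inventory and rotate it manually.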

Next Steps

You can now configure automated connectivity for Azure Virtual WAN.

For more information, see How to Configure Automatic Connectivity to Azure Virtual WAN.