Azure Subscription

Integrate Azure with Apono to manage access to your Azure Services

Apono offers Azure users a simple way to centralize cloud management through our platform. Through a single integration, Apono can sync to your environment and continuously discover new instances.

Additionally, Apono enables you to manage access to your integrated subscription. To manage access to other subscriptions, integrate them separately.



Prerequisites

  • Apono connector for Azure installed in your environment
  • Administrator permissions on the subscription being integrated
  • Administrator permissions on Azure AD


Integrate an Azure Subscription



Follow these steps to integrate your Azure subscription:

  1. On the Catalog tab, click Azure. The Connect Integrations Group page appears.
  2. Click Subscription.
  3. Under Discovery, click Next. The Apono connector section appears.
  4. From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.

    💡 If the desired connector is not listed, click + Add new connector and follow the instructions for creating an Azure connector.

  5. Click Next. The Integration Config section expands.
  6. Define the Integration Config settings.
    Setting | Description
    Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
    Azure Subscription Id | (Optional) 32-digit globally unique identifier (GUID) that is associated with an Azure subscription

      Leave this field blank to connect to the subscription where the Apono connector is deployed.
    Azure Primary Domain | (Optional) Default domain name used for creating new user accounts in your Azure Active Directory (Azure AD) tenant
    Disable Locks | (Optional) Controls whether locks are disabled during Apono provisioning

      To disable locks, select true from the dropdown menu.

      This action requires the Tag Contributor role at the subscription level for the applicable connector.

  7. Click Next. The Get more with Apono section expands.
  8. Define the Get more with Apono settings.
    Setting | Description
    Custom Access Details | (Optional) Instructions explaining how to access this integration's resources

      Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters.

      To view the message as it appears to end users, click Preview.

      NOTE: You can also add the custom_access_details parameter to the apono_integration schema using Terraform. For more information, learn how to integrate with Apono in the Terraform Registry.
    Integration Owner | (Optional) Fallback approver if no resource owner is found

      Follow these steps to define one or several integration owners:
      1. From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
      2. From the Value dropdown menu, select one or multiple users or groups.

      NOTE: When Resource Owner is defined, an Integration Owner must be defined.
    Resource Owner | (Optional) Group or role responsible for managing access approvals or rejections for the resource

      Follow these steps to define one or several resource owners:
      1. Enter a Key name. This value is the name of the tag created in your cloud environment.
      2. From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated.

        Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.

      NOTE: When this setting is defined, an Integration Owner must also be defined.

  9. Click Confirm.

After connecting your Azure subscription to Apono, you will be redirected to the Connected tab to view your integrations. The new Azure integration will initialize once it completes its first data fetch. Upon completion, the integration will be marked Active.

Now that you have completed this integration, you can create access flows that grant permission to Azure resources.
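
The Disable Locks setting in step 6 requires the Tag Contributor role at the subscription level for the connector. The following is an added example, not Apono's own code, that checks this requirement against role-assignment JSON shaped like the output of `az role assignment list`. The function names, principal IDs and subscription ID are constructed for illustration, and it assumes any management-group or root scope in the listing is a parent of the subscription.

```python
import json
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
MGMT_GROUP = re.compile(
    r"/providers/Microsoft\.Management/managementGroups/[^/]+/?", re.I)

def covers_subscription(scope, subscription_id):
    """True when a role assignment at `scope` applies to the whole subscription."""
    if scope == "/" or MGMT_GROUP.fullmatch(scope):
        # Assumption: the listing only contains this subscription's parent scopes.
        return True
    return scope.rstrip("/").lower() == f"/subscriptions/{subscription_id}".lower()

def check_tag_contributor(assignments_json, principal_id, subscription_id,
                          role="Tag Contributor"):
    """Report whether the connector identity holds `role` at subscription level."""
    if not re.fullmatch(GUID, subscription_id):
        raise ValueError(f"not a subscription GUID: {subscription_id!r}")
    held = [a.get("scope", "") for a in json.loads(assignments_json)
            if a.get("principalId", "").lower() == principal_id.lower()
            and a.get("roleDefinitionName") == role]
    effective = [s for s in held if covers_subscription(s, subscription_id)]
    # A grant on a resource group or single resource does not meet the requirement.
    too_narrow = [s for s in held if s not in effective]
    return {"ok": bool(effective), "effective": effective, "too_narrow": too_narrow}

# Constructed sample data (hypothetical IDs), shaped like az CLI JSON output.
SUB = "11111111-2222-3333-4444-555555555555"
CONNECTOR_A = "aaaaaaaa-0000-0000-0000-000000000001"
CONNECTOR_B = "bbbbbbbb-0000-0000-0000-000000000002"
SAMPLE = json.dumps([
    {"principalId": CONNECTOR_A, "roleDefinitionName": "Tag Contributor",
     "scope": f"/subscriptions/{SUB}"},
    {"principalId": CONNECTOR_B, "roleDefinitionName": "Tag Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-example"},
    {"principalId": CONNECTOR_B, "roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{SUB}"},
])

if __name__ == "__main__":
    for pid in (CONNECTOR_A, CONNECTOR_B):
        print(pid, check_tag_contributor(SAMPLE, pid, SUB))
```

A result with `ok` false and a non-empty `too_narrow` list means the role exists but only on a resource group or resource, which does not satisfy the subscription-level requirement.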



Troubleshooting

Please refer to our troubleshooting guide if you encounter errors while integrating.