How to install a Connector on your Azure environment to integrate with Azure management group or subscription
If your organization uses Azure as its cloud provider, you can take advantage of Apono Azure integrations, allowing you to create just-in-time access management based on Access Flows and user requests to your Azure resources.
The integration between Azure and Apono requires an Azure Apono connector installed in your Azure environment.
The remainder of this guide focuses on installing and configuring the Azure Apono connector on ACI in your Azure environment.
Azure user with the following permissions on your Azure management group/subscription:
Role | Permissions |
---|---|
Kubectl Command-line.
The Apono Azure Management Groups integration allows you to auto-discover all resources under your Tenant by installing the connector on one of the Azure Subscriptions under the Tenant Root Management Group.
Go to Integrations, under Environment in the left navigation.
Under Integrations, click the Catalog tab and select Azure under the Cloud provider category.
On the Azure integration page, under Discovery, choose between Azure Management Group and Azure Subscription, then select the resource types you want to integrate with.
Under Apono connector, choose + Add new connector.
Choose an installation method and copy the Apono token.
Role | Permissions |
---|---|
Global Administrator (Azure Entra) | Can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities |
Owner (Azure RBAC) | Grants full access to manage all resources; assign roles in Azure RBAC |
Learn how to deploy a connector in an Azure environment
Azure Container Instances (ACI) is a managed, serverless compute platform for running containerized applications. This guide explains how to install and configure an Apono connector on ACI in your Azure environment using Azure CLI.
Item | Description |
---|---|
You can install a connector for an Azure Management Group or Subscription.
Follow these steps to install a new connector:
At the shell prompt, set the environment variables.
Log in to your Azure account.
Set the REGION environment variable.
Run the following command to deploy the connector on your ACI.
Add the User Access Administrator role to the connector in the management group scope.
For Azure AD, add the Directory Readers role to the connector. For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.
On the Connectors page, verify that the connector has been updated.
You can now integrate with an Azure Management Group or Azure Subscription.
Follow these steps to install a new connector:
Export the following environment variables.
Log in to your Azure account.
Set the REGION environment variable.
Run the following command to deploy the connector on your ACI.
Add the User Access Administrator role to the connector in the subscription scope.
For Azure AD, add the Directory Readers role to the connector. For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.
On the Connectors page, verify that the connector has been updated.
You can now integrate with an Azure Management Group or Azure Subscription.
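Both Azure CLI procedures above end by granting the connector the User Access Administrator role, at management group or subscription scope. The following added example (not Apono's code and not part of the original guide) checks `az role assignment list` output for the connector identity against that expectation and flags any other Azure RBAC grant for review; Entra directory roles are not covered. The `PRINCIPAL_ID` placeholder, the function names and the sample rows are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the connector identity's Azure RBAC role assignments.
# Feed it TSV rows "roleDefinitionName<TAB>scope", for instance from:
#   az role assignment list --assignee "$PRINCIPAL_ID" --all \
#     --query "[].[roleDefinitionName, scope]" --output tsv
# PRINCIPAL_ID is a placeholder for the connector identity's object ID (assumption).

# Scope strings for the two install modes the guide describes.
mg_scope()  { printf '/providers/Microsoft.Management/managementGroups/%s' "$1"; }
sub_scope() { printf '/subscriptions/%s' "$1"; }

# audit_connector_roles EXPECTED_SCOPE   (TSV on stdin)
# Prints OK / UNEXPECTED / MISSING findings. Returns 0 only when the
# User Access Administrator grant exists at EXPECTED_SCOPE and nothing else is assigned.
audit_connector_roles() {
  awk -F '\t' -v want="$1" '
    NF < 2 { next }                                   # skip blank or malformed rows
    $1 == "User Access Administrator" && tolower($2) == tolower(want) {
      found = 1; print "OK\t" $1 "\t" $2; next
    }
    { extra = 1; print "UNEXPECTED\t" $1 "\t" $2 }    # any other role or scope: review
    END {
      if (!found) print "MISSING\tUser Access Administrator\t" want
      if (found && !extra) exit 0
      exit 1
    }'
}

# Constructed sample rows (not real IDs): the expected grant plus a stray Owner grant.
sample_assignments() {
  printf '%s\t%s\n' \
    'User Access Administrator' '/providers/Microsoft.Management/managementGroups/example-mg' \
    'Owner' '/subscriptions/00000000-0000-0000-0000-000000000000'
}

# Demo: the stray Owner row is reported and the audit fails.
sample_assignments | audit_connector_roles "$(mg_scope example-mg)" \
  || echo "Review the connector's role assignments before relying on it."
```

For a subscription install, pass `"$(sub_scope "$SUBSCRIPTION_ID")"` as the expected scope instead.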
Learn how to deploy a connector in an Azure environment
Azure Container Instances (ACI) is a managed, serverless compute platform for running containerized applications. This guide explains how to install and configure an Apono connector on ACI in your Azure environment using PowerShell.
Item | Description |
---|---|
You can install a connector for an Azure Management Group or Subscription.
Follow these steps to install a new connector:
At the shell prompt, set the environment variables.
Log in to your Azure account.
Set the REGION environment variable.
Run the following command to deploy the connector on your ACI.
Add the User Access Administrator role to the connector in the management group scope.
For Azure AD, add the Directory Readers role to the connector. For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.
Follow these steps to install a new connector:
Export the following environment variables.
Log in to your Azure account.
Set the REGION environment variable.
Run the following command to deploy the connector on your ACI.
Add the User Access Administrator role to the connector in the subscription scope.
For Azure AD, add the Directory Readers role to the connector. For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.
On the Connectors page, verify that the connector has been updated.
You can now integrate with an Azure Management Group or Azure Subscription.
Apono Token
Account-specific Apono authentication value
Use the following steps to obtain your token:
On the Connectors page, click Install Connector. The Install Connector page appears.
Click Cloud installation > Azure > Install and Connect Azure Account > CLI (Container Instance).
Copy the token listed on the page in step 1.
Azure Cloud Command Line Interface (AZ CLI)
Tool that enables interacting with Azure services using your command-line shell
Azure Cloud Information
Information for your Azure Cloud instance:
Owner Role (Azure RBAC)
Azure role with the following permissions:
Grants full access to manage all resources
Assigns roles in Azure RBAC
Global Administrator
Microsoft Entra role with the following permission:
Manages all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities
Item | Description |
---|---|
Apono Token | Account-specific Apono authentication value. Use the following steps to obtain your token: |
PowerShell | |
Azure Cloud Information | Information for your Azure Cloud instance: |
Owner Role (Azure RBAC) | |
Global Administrator | |
Learn how to deploy a connector in an Azure environment
Azure Container Instances (ACI) is a managed, serverless compute platform for running containerized applications. This guide explains how to install and configure an Apono connector on ACI in your Azure environment using Terraform.
Item | Description |
---|---|
Follow these steps to set up a new connector:
At the shell prompt, set the Apono environment variables to your account token.
In a new or existing Terraform (.tf) file, add the following provider and module information to create a connector with permissions or without permissions:
Enables installing the connector in the cloud environment and managing access to resources
Enables installing the connector in the cloud environment but managing access to non-Azure resources, such as self-hosted databases
At the Terraform CLI, download and install the provider plugin and module.
Apply the Terraform changes. The proposed changes and a confirmation prompt will be listed.
Enter yes to confirm deploying the changes to your Azure account.
On the Connectors page, verify that the connector has been deployed.
You can now integrate with an Azure Management Group or Azure Subscription.
Learn how to update a connector through the Azure CLI
Periodically, you may need to update your Azure connector to help maintain functionality, performance, and security.
This article explains how to update and redeploy a connector through the Azure CLI.
Item | Description |
---|---|
To update an Apono connector for Azure, follow these steps in the shell environment with Azure CLI installed:
1. Set the APONO_CONNECTOR_ID environment variable to your chosen connector ID.
2. Set the APONO_TOKEN environment variable to your account token.
3. Set the SUBSCRIPTION_ID environment variable to the Azure subscription ID.
4. Set the RESOURCE_GROUP_NAME environment variable to the Azure resource group name.
5. Set the REGION environment variable.
6. Run the following command to deploy an updated version of the connector on the Azure Container Instance service.
7. On the [**Connectors**](https://app.apono.io/connectors) page, verify that the connector has been updated.
Apono Token
Account-specific Apono authentication value
Use the following steps to obtain your token:
On the Connectors page, click Install Connector. The Install Connector page appears.
Click Cloud installation > Azure > Install and Connect Azure Account > Terraform (Container Instance).
Copy the token listed on the page in step 1.
Terraform Command Line Interface (Terraform CLI)
Tool that enables interacting with Azure services using your command-line shell
Azure Cloud Information
Information for your Azure Cloud instance:
Owner Role (Azure RBAC)
Azure role with the following permissions:
Grants full access to manage all resources
Assigns roles in Azure RBAC
Global Administrator
Microsoft Entra role with the following permission:
Manages all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities
Apono Token
Account-specific Apono authentication value
Use the following steps to obtain your token:
On the Connectors page, click Install Connector. The Install Connector page appears.
Click Azure > No, Just Install The Connector > CLI (Container Instance).
Copy the token listed on the page in step 1.
Azure Command Line Interface (Azure CLI)
Open-source tool that enables interacting with Azure services using your command-line shell
Resource Group Name
Name of the Azure resource group
Subscription ID
Identifier for the Azure subscription
User Access Administrator Role
Azure subscription role that enables managing user access to Azure resources
User Administrator Role
Microsoft Entra ID role that enables the following tasks:
Create and manage users and groups
Reset passwords for users, helpdesk administrators, and user administrators