Microsoft Azure

Microsoft Azure

target azure


The following object illustrates how to securely pass your Azure API credentials within a config.




the Azure subscription id


the Azure directory tenant id


the Azure application client id


the Azure client secret

Application & Subscription-Scoped RBAC

A prerequisite to using Azure as an orchestration target with Provide is registering a directory application and assigning the appropriate permissions via a custom role. This role should be created using the Access control (IAM) tool located within the Azure Subscriptions service. A sample role definition has been provided; you will need to update the assignableScopes section provided in the sample JSON with your subscription scope.

"properties": {
"roleName": "Provide Azure Role",
"description": "permissions granted to Azure applications for use with Provide",
"assignableScopes": [
"permissions": [
"actions": [
"notActions": [],
"dataActions": [],
"notDataActions": []

Register a new single-tenant application within the Azure Active Directory service, create a custom role (as describe above) and assign the role to the registered application.