How to connect to Azure

On this page you will learn how to connect your Azure Gateway to Obsidian step-by-step.

Prerequisites

The following is required to proceed:

A running instance of APIIDA´s API Control Plane
Access to the Azure API Management with at least one service instance created
Docker to use the image of our agent (that acts as an intermediary)

Unable to render {include} The included page could not be found.

Provide the Gateway Information

The following describes how to create the gateway configuration for an Azure Gateway Agent.

Gateway Configuration

subscriptionId: Insert the ID of the subscription that is assigned to your Azure API Management service
serviceName: Insert the name of your Azure API Management service instance
resourceGroupName: Insert the name of the resource group that is assigned to your Azure API Management service instance
tenantId/clientId/clientSecret: Insert the credentials of an authorized application

See our Q&A below if you want to learn more about how to get these values.

Currently, each Azure agent is specific to one API Management service.
If you want to manage multiple services, you will require an agent instance for each service.

Click on “Download” to download your configuration file
Confirm by clicking on the "Next" button

You’ve completed the second step!

Unable to render {include} The included page could not be found.

Q&A

Where do I get the subscriptionId, serviceName and resourceGroupName?

Go to the Overview page of your Azure API Management service
- The serviceName is displayed at the top left (see screenshot)
- The resourceGroupName is displayed in the overview under "Resource group”
- The subscriptionId is displayed in the overview under “Subscription ID”

How do I get the tenantId, clientId and clientSecret?

We recommend creating an application via Azure Active Directory to access the API Management Service. Below is a description of how to do this and how to obtain the required IDs and the client secret.

Step 1 of 2: Create a new Application in Azure Active Directory

See this Microsoft Azure link to learn how to create an Application:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
After the application is created, the clientId and the associated tenantId are displayed:

Now click on Add a certificate or secret (see Screenshot)
After that click on New client secret and add a new secret
The requested clientSecret will now be displayed

Important: Save the secret value, because it will no longer be displayed after you have left the page!

Note that the created application must also be assigned to the API Management Service (see Step 2), otherwise there is no link between the API Management service and the Application.

Step 2 of 2: Assign the Application to your Azure API Management Service

Go to the Overview page of your Azure API Management service
- Select Access control (IAM) in the menu on the left side
- Click on Add role assignment in the interface
- Select the Role “API Management Service Contributor” to grant the necessary permissions
- Click on Members (next to Role) or Next (at the bottom) to continue
- Add your Application to the list of Role members
- Click on Review + assign (next to Members) or Next (at the bottom) to continue
- Confirm by clicking on the ”Review + assign”-Button (at the bottom)