Previous page

Next page

Locate page in Contents

Create Microsoft Azure AD Application

To complete the steps below, you must have a Microsoft Azure subscription and account. If you don't have a subscription, you need to purchase one first.

Create an Azure Active Directory application

An Azure Active Directory application is used with the role-based access control. You need to create an Azure AD application to access resources in your subscription from Parallels RAS.

To create an Azure AD application:

  1. Log in to the Microsoft Azure portal.
  2. Open the portal menu and select Azure Active Directory.
  3. In the left pane, select App registrations.
  4. Click New registration (at the top of the right pane).
  5. The Register an application blade opens.
  6. In the Name field, type a name you want to use for the application.
  7. In the Redirect URI (optional) section, make sure that Web is selected in the drop-down list. Leave the URI field empty.
  8. Click Register (at the bottom left).
  9. The new Azure AD app is created and its blade is displayed in the portal.

Note the following app properties, which are displayed at the top of the right pane:

  • Display name
  • Application (client) ID*
  • Directory (tenant) ID*
  • Object ID*

* Copy and save these properties. You will need to specify them later when adding Azure as a VDI provider in the RAS Console.

Create a client secret

A client secret is a string that the application uses to prove its identity when requesting a token. It essentially acts as an application password. You will need to specify this string in the RAS Console when adding Azure as a VDI provider.

To create a client secret:

  1. If you are not on the application page anymore, navigate to it from the Home page by selecting Azure Active Directory > App registration and then clicking the app in the right pane.
  2. In the left pane, click Certificates & secrets.
  3. In the right pane, click New client secret.
  4. Type a client name and select a desired expiration option.
  5. Click Add. The new client secret appears in the Client secrets list.
  6. IMPORTANT: Copy and save the client secret (the Value column). If you leave this page without copying the secret, it will be hidden and you will not be able to retrieve it later.

Give the application read and write access to resources

The Azure AD app that you created must have read and write access to Azure resources. The following instructions demonstrate how to give the application read and write access to a resource group. You can also give access to a specific resource or to your entire Azure subscription. For more information, please see the Microsoft Azure documentation.

To give the app write access to the resource group where new VMs will reside:

  1. In the Azure portal menu, select Resource groups.
  2. Click a resource group where the new VMs will reside.
  3. In the left pane, select Access control (IAM).
  4. In the right pane, locate the Add a role assignment box and click Add.
  5. In the Add role assignment dialog, select Contributor in the Role drop-down list.
  6. In the Assign access to field, select Azure AD user, group, or service principle.
  7. In the Select field, begin typing the name of the app that you created earlier. Once the app is found, select it.
  8. Click Save.

To give the app read access to the resource group:

  1. Repeat steps 1-4 from the list above.
  2. In the Add role assignment dialog, select Reader in the Role drop-down list.
  3. Select the application from the list (use the Search field to search for the application).
  4. Click Save.

Note: If you would like to give the application read access to your entire subscription (not just a specific resource groups), select All services in the Azure portal menu, then navigate to Categories > All > Subscriptions and select your subscription. Select Access control (IAM) in the middle pane and click Add in the Add a role assignment box. Repeat steps 2-4 from the list above.

Finding your Microsoft Azure subscription ID

When you'll be adding Microsoft Azure as a VDI provider in the RAS Console, you will need to specify your Azure subscription ID. If you don't remember it, here's how to find it in the Microsoft Azure portal:

  1. In the portal menu, choose All services.
  2. In the Categories list, click All.
  3. In the right pane, click Subscriptions.
  4. Click a subscription and then copy and save the value from the Subscription ID field.

Summary

When you complete all of the above steps, you should have the following values saved and ready to be used to add Microsoft Azure as a VDI provider in the RAS Console:

  • App (client) ID: Application ID.
  • Directory (tenant) ID: Tenant ID.
  • Client secret: Client secret (application key).
  • Subscription ID: Your Microsoft Azure subscription ID.

Read on to learn how to add Microsoft Azure as a VDI provider in the RAS Console.
Top of page Feedback