If your cloud resources are in an Azure cloud, create credentials that can access the Azure account. This procedure requires configuration in your Azure account.
Verify the REST API Permissions
Download the Cloud Discovery patterns spreadsheet so you can grant the user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.
Before you begin
Roles required: discovery_admin, service_mapping_admin, and sn_cmp.cloud_admin in Cloud Provisioning and Governance, or sn_cloud_ops_ws.cloud_ops_admin in Cloud Discovery Workspace.
Operations on the Microsoft Azure portal require one of the following roles:
Azure or Azure AD (Active Directory) Administrator
Application Administrator
Application Developer
Cloud Application Administrator
The Resource Policy Contributor role is needed only if you also create or modify resource policies for provisioning; it is not required for Discovery.
Allow network connectivity (outbound HTTPS) from the MID Servers to the Azure API endpoint management.azure.com. Client-secret authentication also obtains its access token from login.microsoftonline.com, so that host must be reachable from the MID Servers as well.
Procedure
Log in to the Azure portal and navigate to Azure Active Directory.
Navigate to the App registrations section and select New application registration.
Enter the following information for your application:
Name: Unique name for the application and its integration credentials. For example, ServiceNow Integration.
Supported account types: Specify who can use the application. The narrowest option that covers your own tenant is sufficient, because only this instance authenticates as the service principal.
Redirect URI (Optional): Not used by the client-secret (client-credentials) flow this credential relies on. If your organization requires one, it is typically the URL of the ServiceNow instance.
Select Register to complete the app registration.
When registration completes, copy the Application (client) ID and Directory (tenant) ID values into a temporary text file and label them Application ID and Directory ID respectively. Treat this file as sensitive: it will also hold the client secret.
In the Azure portal, navigate to the Certificates & secrets section, select New client secret, and specify the following values:
Key description: Description for the secret.
Duration: Expiration for the secret.
Note:
Your organization may apply policies that limit secret lifetime. Select the appropriate duration and record the expiry date: when the secret expires, Azure Discovery fails with authentication errors until a new secret is created and the credential in the instance is updated.
Select Add.
Copy the secret value into the text editor and label it Application key. The value is shown only once, immediately after creation; if you navigate away without copying it, delete that secret and create a new one.
Enable the service principal to access Azure subscriptions based on your environment.
Choose the option that matches your setup:
Management group: Use this option to grant Reader access to all subscriptions under the management group.
Individual subscription: Use this option to grant Reader access to a specific subscription only.
Reader is sufficient for Discovery; do not grant Contributor or Owner to the discovery service principal.
Management group:
In the Azure portal, navigate to Management groups and select the required management group.
Select Access Control (IAM) from the menu.
Select + Add and then Add role assignment.
In the Role field, select Reader.
Note:
The Resource Policy Contributor role is only required for provisioning.
In the Assign access to field, keep the default User, group, or service principal value.
In the Select field, select the application name you registered earlier.
Select Save.
Individual subscription:
In the Azure portal, navigate to Subscriptions and select the required subscription.
Copy the subscription ID into the text editor and label it Subscription ID.
Select Access Control (IAM) from the menu.
Select + Add and then Add role assignment.
In the Role field, select Reader.
Note:
The Resource Policy Contributor role is only required for provisioning.
In the Assign access to field, keep the default User, group, or service principal value.
In the Select field, select the application name you registered earlier.
Select Save.
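Before entering the values in the instance, it is worth confirming from a workstation that the service principal can actually authenticate and holds Reader on the intended subscriptions; this is the same client-credentials token request and subscription listing that the Discover Subscriptions step later performs from the MID Server. The following script is an added example and is not part of the ServiceNow product or of Microsoft's documentation. It assumes the environment variables AZ_TENANT_ID, AZ_CLIENT_ID, AZ_CLIENT_SECRET and AZ_SP_OBJECT_ID (the last is the service principal's Object ID from Enterprise applications, which is what role assignments record, not the Application ID); the sample responses embedded in it are constructed, not captured from a real tenant.

```python
"""Pre-flight check for an Azure service principal intended for Cloud Discovery.

Request construction and response parsing are pure functions so they can be
exercised offline against the constructed sample responses below; only
check_service_principal() talks to Azure. Hypothetical example code, not
part of the ServiceNow product.
"""
import json
import os
import urllib.parse
import urllib.request

LOGIN = "https://login.microsoftonline.com"  # token endpoint for client-secret auth
ARM = "https://management.azure.com"          # the API endpoint named in the prerequisites
# Built-in Reader role definition GUID (the same in every Azure tenant).
READER_ROLE_ID = "acdd72a7-3385-48ef-bd42-f606fba81ae7"


def build_token_request(tenant_id: str, client_id: str, client_secret: str):
    """URL and form body for the OAuth2 client-credentials grant the credential uses."""
    url = f"{LOGIN}/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # Application (client) ID from the registration
        "client_secret": client_secret,  # secret value copied when it was created
        "scope": f"{ARM}/.default",
    }).encode()
    return url, body


def enabled_subscription_ids(list_response: dict) -> list:
    """Enabled subscriptions the principal can see; mirrors Discover Subscriptions."""
    return [s["subscriptionId"] for s in list_response.get("value", [])
            if s.get("state") == "Enabled"]


def reader_assignment_scopes(assignments_response: dict) -> list:
    """Scopes at which the principal holds Reader (the subscription itself or an
    ancestor management group, since inherited assignments are listed too)."""
    scopes = []
    for ra in assignments_response.get("value", []):
        props = ra.get("properties", {})
        role_guid = props.get("roleDefinitionId", "").rsplit("/", 1)[-1].lower()
        if role_guid == READER_ROLE_ID:
            scopes.append(props.get("scope", ""))
    return scopes


def _get_json(url: str, token: str = None, data: bytes = None) -> dict:
    headers = {"Accept": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(url, data=data, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def check_service_principal(tenant_id, client_id, client_secret, sp_object_id):
    """Return {subscription_id: [Reader scopes]}; an empty list means Discovery
    can see the subscription but will get 403s when it reads resources in it."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    token = _get_json(url, data=body)["access_token"]
    subs = enabled_subscription_ids(
        _get_json(f"{ARM}/subscriptions?api-version=2020-01-01", token))
    result = {}
    for sub in subs:
        # principalId is the service principal's Object ID, not the Application ID.
        flt = urllib.parse.quote(f"principalId eq '{sp_object_id}'")
        ras = _get_json(f"{ARM}/subscriptions/{sub}/providers/Microsoft.Authorization"
                        f"/roleAssignments?api-version=2022-04-01&$filter={flt}", token)
        result[sub] = reader_assignment_scopes(ras)
    return result


# Constructed sample responses (not captured from a real tenant) for offline use.
SAMPLE_SUBSCRIPTIONS = {"value": [
    {"subscriptionId": "00000000-0000-0000-0000-000000000001",
     "displayName": "prod", "state": "Enabled"},
    {"subscriptionId": "00000000-0000-0000-0000-000000000002",
     "displayName": "retired", "state": "Disabled"},
]}
SAMPLE_ASSIGNMENTS = {"value": [
    {"properties": {
        "roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000001"
                            "/providers/Microsoft.Authorization/roleDefinitions/" + READER_ROLE_ID,
        "principalId": "11111111-1111-1111-1111-111111111111",
        "scope": "/providers/Microsoft.Management/managementGroups/corp-root",
    }},
]}

if __name__ == "__main__":
    # Secrets come from the environment, never from argv or a literal in the script.
    env = {k: os.environ.get(k) for k in
           ("AZ_TENANT_ID", "AZ_CLIENT_ID", "AZ_CLIENT_SECRET", "AZ_SP_OBJECT_ID")}
    if all(env.values()):
        for sub, scopes in check_service_principal(*env.values()).items():
            print(sub, "Reader at", scopes or "NOTHING: Discovery will fail here")
    else:
        print("Offline demo:", enabled_subscription_ids(SAMPLE_SUBSCRIPTIONS),
              reader_assignment_scopes(SAMPLE_ASSIGNMENTS))
```

A subscription that is missing from the listing entirely is one on which the principal has no role assignment at all, so it will also be missing from the instance's Discover Subscriptions result; a subscription that appears with an empty Reader list has some other role and should be fixed before the credential is saved.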
Create an Azure Service Principal type credential in the instance.
Navigate to All > Connections & Credentials > Credentials.
Select New.
Select Azure Service Principal.
Specify the following values on the Azure Service Principal form:
Name: Name of the service principal credential to register with the instance. For example, Azure service principal credentials.
Authentication Method: Select Client secret. The Secret key field appears when you select Client secret.
Note:
Client assertion is not supported.
Copy and paste values from the temporary text file into the remaining fields:
Tenant ID: the Azure Directory ID value from the text file.
Client ID: the Azure Application ID value from the text file.
Secret key: the Azure Application key value from the text file.
After the credential is saved, delete the temporary text file so the secret does not remain in plain text on a workstation.
Select Save to create the Azure service principal.
Select the Discover Subscriptions related link to find all subscriptions that the Azure service principal can see.
The instance creates a service account for each discovered subscription. The Azure Subscriptions related list displays all subscriptions found for the Azure service principal. A subscription that you expected but that does not appear is one on which the service principal has no role assignment; add the Reader assignment in Azure and run Discover Subscriptions again.
Select a subscription to view the service account created for the subscription.
Select a Discovery status entry in the Credential Discovery Status list to view the Discovery log.
Each time you select Discover Subscriptions, the instance generates a new Discovery status and displays it in the Credential Discovery Status list.