Azure Authentication Guide

How to authenticate Azure for use with Tines

Written by Daniel Stoeski
Updated over a week ago

Azure, officially known as Microsoft Azure, is a cloud computing service created by Microsoft for building, deploying, testing, and managing applications and services through a global network of Microsoft-managed data centers. Azure provides various cloud-based services and resources to help organizations build, implement, and scale applications and infrastructure solutions. These include:

  • compute power

  • storage

  • analytics

  • databases

  • AI

  • machine learning

  • networking

  • security features

First, create an Azure application

  1. Log in to your existing Azure account, or sign up if you don't have one yet.

  2. Next, you'll need to register a new Azure application in app registrations.


  3. Next, in your application, navigate to Certificates & secrets > Client secrets and click on the "New client secret" button to create a client secret. Copy the secret to use later.



  4. Next, navigate to API permissions and click on "Add a permission" to add the required permissions, depending on which API you are using (see Microsoft Azure API reference).


  5. Next, from the Azure portal, navigate to Subscriptions and click "Add" to create a subscription if you don't already have one (see Microsoft Customer Agreement).


  6. Next, under your subscription, navigate to Resource groups and click "Create" to create a resource group if you don't already have one (see Azure resource groups).

If your application requires role-based access control (RBAC), follow the steps below (see What is Azure role-based access control).


(Optional) Create a custom role and assign it to an Azure application

  1. Under your subscription, navigate to Access Control (IAM), click "Add" and then "Add a custom role" to create a custom role


  2. Give the role a name and a description, and then click "Permissions"


  3. On the "Permissions" tab, click "Add permissions" to add any permissions.


  4. Alternatively, you can add permissions via the "JSON" tab. On the "JSON" tab, click "Edit" and add your permissions to the actions array. Once you have finished, click "Save".



  5. Click on the "Permissions" tab to see the permissions.


  6. Next, click the "Review + Create" button. If you are happy with the role, click "Create".

  7. Next, navigate back to Access Control (IAM), click "Add" and then "Add role assignment" to assign the role to your application.


  8. Search for the role you created, and click on it. Select the "Members" tab and click "+ Select members".

  9. Search for your application, select it, and click "Select".

  10. Click on the "Review + Create" button to complete the assignment.
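
Before saving the role from the "JSON" tab, it is worth checking that the actions array grants no more than the integration needs. The following is an added example, not part of the original guide or of Tines: a small Python review of a custom role definition, assuming the JSON layout the portal shows (a `properties` object with `assignableScopes` and `permissions`) and an integration that only needs read access. The role name, the extra actions and the subscription ID are constructed for illustration.

```python
import json

# Constructed custom role in the shape of the portal's "JSON" tab.
# The subscription ID is a placeholder, not a real value.
ROLE_JSON = """
{
  "properties": {
    "roleName": "Tines VM Reader",
    "description": "Lets the Tines app list virtual machines",
    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
    "permissions": [
      {
        "actions": [
          "Microsoft.Compute/virtualMachines/read",
          "Microsoft.Compute/*",
          "Microsoft.Resources/subscriptions/resourceGroups/delete"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
"""

def review_role(role_json):
    """Return (severity, message) findings for a custom role definition."""
    props = json.loads(role_json)["properties"]
    findings = []
    for scope in props.get("assignableScopes", []):
        # Root ("/") or management-group scopes reach beyond one subscription.
        if not scope.lower().startswith("/subscriptions/"):
            findings.append(("high", f"scope broader than a subscription: {scope}"))
    for block in props.get("permissions", []):
        for key in ("actions", "dataActions"):
            for action in block.get(key, []):
                # Azure operations end in read, write, delete or action.
                verb = action.rsplit("/", 1)[-1].lower()
                if "*" in action:
                    findings.append(("high", f"wildcard in {key}: {action}"))
                elif verb != "read":
                    findings.append(("medium", f"non-read operation in {key}: {action}"))
    return findings
```
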


Next, create an Azure subscription Resource in Tines

  1. Log in to your Tines tenant

  2. Navigate to the team that will be using the API and click "Resource"

  3. Click "+ New Resource"

  4. Input the values for the resource

    1. Name: Required

    2. Description: Optional

    3. Builder: Your Microsoft subscription id



  5. Optional

    1. Access: What other teams can also use the API

  6. Click "Save resource"

Lastly, create an Azure Credential in Tines

  1. Log in to your Tines account.

  2. Select the team using the API and click "Credentials".

  3. Click "+ New Credential" and select "HTTP Request".

  4. Input the values for the Azure credential

    1. Name: Azure

    2. Description: Optional

    3. URL: https://login.microsoftonline.com/<Directory tenant ID>/oauth2/token (the Directory tenant ID can be found in your application).


    4. Content type: Form

    5. Method: post

    6. Payload:

      {

      client_secret: <client_secret> created earlier

      client_id: <client_id> found in your application (see screenshot below)

      grant_type: client_credentials

      resource: https://management.core.windows.net/

      scope: <this should reflect your application's API permissions created earlier>

      }


      You can paste this into the editor by clicking <> Editor below the Headers section:

      {
        "url": "https://login.microsoftonline.com/<directory_tenant_id>/oauth2/token",
        "content_type": "form",
        "method": "post",
        "payload": {
          "client_secret": "<client_secret>",
          "client_id": "<client_id>",
          "grant_type": "client_credentials",
          "resource": "https://management.core.windows.net/",
          "scope": "offline_access user_impersonation"
        },
        "headers": {}
      }


  5. Click "Run Options" and click the copy button beside access_token to copy the path.


  6. Next, paste the path to the access_token into Location of token from response.


  7. Click "Save".
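
To confirm that the credential returns the token you expect, you can inspect the body of a token response. This is an added example, not code from the guide or from Tines: it pulls `access_token` out of the response and checks the token's audience, issuing application and expiry. It assumes the token is a JWT whose `aud` claim equals the `resource` value in the payload and whose `appid` claim is the application's client ID; the sample response is constructed, unsigned, and uses placeholder IDs.

```python
import base64
import json

EXPECTED_AUD = "https://management.core.windows.net/"  # "resource" in the payload

def _b64url(data):
    return base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=").decode()

def sample_response(aud=EXPECTED_AUD, exp=2_000_000_000):
    """Constructed token response; the token is unsigned, the ID a placeholder."""
    claims = {"aud": aud, "appid": "11111111-1111-1111-1111-111111111111", "exp": exp}
    token = ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), "sig"])
    return json.dumps({"token_type": "Bearer", "expires_in": "3599",
                       "resource": aud, "access_token": token})

def decode_claims(token):
    """Decode the JWT payload for inspection only; no signature check is done."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token_response(body, client_id, now):
    """Return a list of problems found in a token endpoint response body."""
    data = json.loads(body)
    token = data.get("access_token")
    if not token:
        # Failed requests carry "error" fields instead of a token.
        return [f"no access_token: {data.get('error', 'unknown error')}"]
    claims = decode_claims(token)
    problems = []
    if claims.get("aud") != EXPECTED_AUD:
        problems.append(f"unexpected audience: {claims.get('aud')}")
    if claims.get("appid") != client_id:
        problems.append("token was not issued to the expected application")
    if claims.get("exp", 0) <= now:
        problems.append("token already expired")
    return problems
```

An empty list means the token targets the Azure management API, belongs to your application and is still valid; pass the current Unix time as `now`.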

For more on creating credentials in Tines, click here.

You can find a selection of Azure stories in the story library.


Using the resource and credential in an action


When making requests to Azure, you can use the resource you created for your Microsoft subscription ID.

https://management.azure.com/subscriptions/<<RESOURCE.azure_subscription_id>>/providers/Microsoft.Compute/virtualMachines?api-version=2022-11-01

The Header configuration for your Azure credential should be:

 "Authorization": "Bearer <<CREDENTIAL.azure>>"

Putting it all together, here is an example Azure action you can copy and paste onto your storyboard in Tines:

{"standardLibVersion":"32","actionRuntimeVersion":"4","agents":[{"disabled":false,"name":"List virtual machines in Azure","description":null,"options":"{\"url\":\"https://management.azure.com/subscriptions/<<RESOURCE.azure_subscription_id>>/providers/Microsoft.Compute/virtualMachines?api-version=2022-11-01\",\"content_type\":\"application_json\",\"method\":\"get\",\"headers\":{\"Authorization\":\"Bearer <<CREDENTIAL.azure>>\"}}","position":{"x":780,"y":405},"schedule":[],"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"recordType":null,"recordWriters":[],"form":null,"cardIconName":null,"createdFromTemplateGuid":null,"createdFromTemplateVersion":null,"originStoryIdentifier":"cloud:d521f765a49c72507257a2620612ee96:94658be8f4ee4b5627ed7fbcbe2fd4be"}],"links":[],"diagramNotes":[]}