Azure client ID and Azure client secret
You must create an Azure AD application to generate the Azure client ID and the corresponding Azure client secret, or Key, as Azure refers to it. This application must be a service principal. Otherwise, the Azure Fabric connector cannot read the inventory. You can find the complete instructions in How to: Use the portal to create an Azure AD application and service principal that can access resources.
Keep the following in mind when you get to the part about making a new application registration:
- The Application type has two options. Choose Web app/API.
- The Sign-on URL has the asterisk commonly associated with a required field, but this is not applicable in this case. Enter any valid URL in the field to complete the form and enable the Create button.
The instructions show you how to find or create the two needed values, but they use different names.
- The field in the FortiGate interface called Azure client ID refers to the Application ID in Azure.
- The field in the FortiGate interface called Azure secret refers to the Key for the application.
After registering the app, give it access to the resource group.
Go back to the resource group described in Getting the Azure resource group.
The FortiGate Azure Fabric connector can resolve dynamic address objects (IP addresses) in Azure, provided that the service principal is granted the network contributor and VM contributor roles for the target resource group(s).
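One way to verify the role grant described above, as an added example that is not Fortinet's or Microsoft's code: it checks exported role assignments (records with `principalId`, `roleDefinitionName` and `scope`, such as the JSON printed by `az role assignment list`) for the two required roles on each target resource group and lists anything broader. The role names `Network Contributor` and `Virtual Machine Contributor` are assumed to be the Azure built-in roles the page means, and all IDs and the resource group name are constructed placeholders.

```python
# Azure built-in role names assumed for the page's "network contributor" and "VM contributor".
REQUIRED_ROLES = {"Network Contributor", "Virtual Machine Contributor"}

def audit_connector_roles(assignments, principal_id, target_scopes):
    """Check one service principal's role assignments against the target resource groups.

    Returns (missing, excess):
      missing - {lower-cased target scope: [required roles not covering it]}
      excess  - [(role, scope)] for any other role, or a required role outside the targets
    """
    targets = [t.rstrip("/").lower() for t in target_scopes]
    covered = {t: set() for t in targets}
    excess = []
    for a in assignments:
        if a.get("principalId") != principal_id:
            continue  # assignment belongs to a different principal
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").rstrip("/").lower()
        if role in REQUIRED_ROLES:
            for t in targets:
                # A role assigned on a parent scope is inherited by the resource group.
                if t == scope or t.startswith(scope + "/"):
                    covered[t].add(role)
        # Anything beyond "required role, exactly on a target" exceeds what the page asks for.
        if role not in REQUIRED_ROLES or scope not in targets:
            excess.append((role, a.get("scope", "")))
    missing = {t: sorted(REQUIRED_ROLES - got) for t, got in covered.items()
               if REQUIRED_ROLES - got}
    return missing, excess

# Constructed sample data: subscription, resource group and object IDs are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-fortigate"
SP = "11111111-1111-1111-1111-111111111111"
SAMPLE = [
    {"principalId": SP, "roleDefinitionName": "Network Contributor", "scope": RG},
    {"principalId": SP, "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "22222222-2222-2222-2222-222222222222",
     "roleDefinitionName": "Virtual Machine Contributor", "scope": RG},
]

if __name__ == "__main__":
    missing, excess = audit_connector_roles(SAMPLE, SP, [RG])
    print("missing:", missing)
    print("excess:", excess)
```

The check matches role names only, so a broader role such as Contributor is reported as excess and does not count toward the two required roles.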