Contents
Follow these steps to set up an integration:
1. Navigate to the Integrations page:
2. Click the Azure Beta logo:
3. To set up your connection, please add a Connection name, Directory (tenant) ID, Application (client) ID, and Client secret. Please follow the below intructions before creating the connection in Ardoq:
1. Add Ardoq application to your Azure tenant
1. Go to your azure tenant from Microsoft Entra ID -> Add -> Enterprise application -> Select Ardoq
2. After application has been added. You'll need the `Application ID`
If you have already added the application before, Go to Microsoft Entra ID -> Enterprise applications to find your previously created application.
2. Open console (powershell for Windows) and log in (should redirect to the browser): > az login
3. Assign a role for the added application above with the scope you want to grant permissions.
1. Eg: If you want to grant Reader role permission for a particular subscription,
> az role assignment create --assignee <your_application_id> --role Reader --scope /subscriptions/<your_subscription_id>
2. If you want to use multiple subscriptions, you have to execute the above command for each subscription id.
Enter your Azure credentials. Once you have created the connection, you will see it under the tab Connections.
4. To create a new import, click Create new import in the top right corner.
5. On the first step of the import, please select what connection you would like to use, then select the location(s) of the servers and subscription(s). Finally, please select the resource groups and resource types you would like to import.
The resources you can choose to import are:
The resources you can choose to import are:
Analysis service servers
App Service Plans
Availability sets
Disks
Hybrid machines
Load balancers
Locations
Managed clusters
Management groups
Microsoft SQL databases
Microsoft SQL managed databases
Microsoft SQL managed instances
Microsoft SQL servers
Network security groups
Network security rules
Resource groups
SQL databases
SQL servers
SQL virtual clusters
SQL virtual machines
Subscriptions
Tag values
Tags
Virtual machine extensions
Virtual machines
Virtual network subnets
Virtual networks
Zones
microsoft.aad/domainservices
microsoft.alertsmanagement/actionrules
microsoft.alertsmanagement/smartdetectoralertrules
microsoft.analysisservices/servers
microsoft.appconfiguration/configurationstores
microsoft.cache/redis
microsoft.cdn/profiles
microsoft.cognitiveservices/accounts
microsoft.compute/availabilitysets
microsoft.compute/diskencryptionsets
microsoft.compute/disks
microsoft.compute/galleries
microsoft.compute/images
microsoft.compute/proximityplacementgroups
microsoft.compute/snapshots
microsoft.compute/virtualmachines
microsoft.compute/virtualmachinescalesets
microsoft.containerinstance/containergroups
microsoft.containerregistry/registries
microsoft.containerservice/containerservices
microsoft.containerservice/managedclusters
microsoft.databox/jobs
microsoft.databricks/workspaces
microsoft.datafactory/factories
microsoft.datalakeanalytics/accounts
microsoft.datalakestore/accounts
microsoft.datashare/accounts
microsoft.dbformariadb/servers
microsoft.dbformysql/servers
microsoft.dbforpostgresql/servers
microsoft.deploymentmanager/servicetopologies
microsoft.deploymentmanager/steps
microsoft.devops/pipelines
microsoft.devtestlab/labs
microsoft.documentdb/databaseaccounts
microsoft.domainregistration/domains
microsoft.eventgrid/domains
microsoft.eventgrid/topics
microsoft.eventhub/clusters
microsoft.eventhub/namespaces
microsoft.hanaonazure/hanainstances
microsoft.hanaonazure/sapmonitors
microsoft.hdinsight/clusters
microsoft.healthcareapis/services
microsoft.hybridcompute/machines
microsoft.hybriddata/datamanagers
microsoft.importexport/jobs
microsoft.insights/actiongroups
microsoft.insights/activitylogalerts
microsoft.insights/alertrules
microsoft.insights/autoscalesettings
microsoft.insights/components
microsoft.insights/metricalerts
microsoft.insights/privatelinkscopes
microsoft.insights/webtests
microsoft.keyvault/vaults
microsoft.kusto/clusters
microsoft.labservices/labaccounts
microsoft.logic/integrationaccounts
microsoft.logic/integrationserviceenvironments
microsoft.logic/workflows
microsoft.machinelearning/commitmentplans
microsoft.machinelearning/webservices
microsoft.machinelearningservices/workspaces
microsoft.maintenance/maintenanceconfigurations
microsoft.managedidentity/userassignedidentities
microsoft.maps/accounts
microsoft.media/mediaservices
microsoft.migrate/projects
microsoft.mixedreality/remoterenderingaccounts
microsoft.mixedreality/spatialanchorsaccounts
microsoft.network/applicationgateways
microsoft.network/applicationsecuritygroups
microsoft.network/azurefirewalls
microsoft.network/bastionhosts
microsoft.network/ddosprotectionplans
microsoft.network/expressroutecircuits
microsoft.network/expressroutegateways
microsoft.network/expressrouteports
microsoft.network/firewallpolicies
microsoft.network/frontdoors
microsoft.network/ipgroups
microsoft.network/loadbalancers
microsoft.network/localnetworkgateways
microsoft.network/natgateways
microsoft.network/networkexperimentprofiles
microsoft.network/networkinterfaces
microsoft.network/networkprofiles
microsoft.network/networksecuritygroups
microsoft.network/networkwatchers
microsoft.network/p2svpngateways
microsoft.network/privateendpoints
microsoft.network/privatelinkservices
microsoft.network/publicipaddresses
microsoft.network/publicipprefixes
microsoft.network/routefilters
microsoft.network/routetables
microsoft.network/serviceendpointpolicies
microsoft.network/virtualhubs
microsoft.network/virtualnetworkgateways
microsoft.network/virtualnetworks
microsoft.network/virtualnetworktaps
microsoft.network/virtualrouters
microsoft.network/virtualwans
microsoft.network/vpngateways
microsoft.network/vpnsites
microsoft.notificationhubs/namespaces
microsoft.operationalinsights/clusters
microsoft.operationsmanagement/solutions
microsoft.peering/peerings
microsoft.peering/peeringservices
microsoft.portal/dashboards
microsoft.powerbidedicated/capacities
microsoft.recoveryservices/vaults
microsoft.relay/namespaces
microsoft.resources/deploymentscripts
microsoft.scheduler/jobcollections
microsoft.security/automations
microsoft.servicebus/namespaces
microsoft.servicefabric/clusters
microsoft.signalrservice/signalr
microsoft.solutions/applicationdefinitions
microsoft.solutions/applications
microsoft.solutions/jitrequests
microsoft.sql/instancepools
microsoft.sql/managedinstances
microsoft.sql/servers
microsoft.sql/virtualclusters
microsoft.sqlvirtualmachine/sqlvirtualmachinegroups
microsoft.sqlvirtualmachine/sqlvirtualmachines
microsoft.storage/storageaccounts
microsoft.storagecache/caches
microsoft.storagesync/storagesyncservices
microsoft.storsimple/managers
microsoft.streamanalytics/streamingjobs
microsoft.web/certificates
microsoft.web/connectiongateways
microsoft.web/connections
microsoft.web/customapis
Note:
It is recommended to select only the resource types that you will be using as it will be much faster to load.
6. Click on the Next button in the bottom right corner of the page to configure your data.
7. Select a table to configure its columns, and navigate to Components. Although all Azure tables contain components, references can be created using column configurations. Select the Ardoq workspace to import the table into. You can either select an existing workspace or type a name to create a new one. Configure the columns to map the values to the correct Ardoq concepts.
10. Click the Review Import button to get a summary of what the import result will be. Finally, click the Import My Data button to execute the actual import.
How To Schedule Your Import
After a successful test run, you have the option to schedule your import. You can choose to import on a daily or weekly basis.
FAQ
Why does the Resource Groups preview show all resource groups even though I have selected only a single resource group?
The Resource Group type is considered a special case as it will list all resource groups that the role has access to regardless of which you have selected.
Unable to Authenticate While setting up the Integration.
For secret-based authentication, Please create an app in your tenant.
The following instruction should be relevant but can be a little outdated in a part of navigation to different Azure sections. In general, you should follow documentation by Microsoft, for example:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
One of the ways to set up is to create a secret and assign a Reader role at the subscription level as follows. Create app and client secret:
1. Log in Azure portal.
2. Open the “App registration” section and add a new app. For example, name it “Ardoq integration”.
3. Open “Authentication” and create Secret. After that, we can log in, but a list of regions etc will be empty. We can log in only, we do not have access to data.Assign Reader role on subscription level:
1. Open Subscriptions and click Subscription.
2. Open Access control.
3. Click Add in the Role assignment section, there are 3 fields to assign:
3.1 Role: Reader.
3.2 Assign access to: Azure AD user, group or service principal (it is the default value).
3.3 Select the application we created before.
3.4 Click Save. It may take some seconds for Azure to save changes, after that it should be possible to log in and read regions etc in Ardoq.
Note: Currently users with a role of admin can only configure the integration.