Follow these steps to set up an integration:
1. Navigate to the Integrations page:
2. Click the Azure logo:
3. Add Ardoq "app" to your Tenant (prerequisite)
Open console (powershell for Windows) and log in (should redirect to the browser):
> az loginCreate service principal for Ardoq application (NB! Use Ardoq app ID which can be found in step 4) and remember output (principal object ID):
> az ad sp create --id d5b22d16-feeb-447d-a3ee-32b0dae7f29a
> ee75834e-756b-4df5-a961-8b636fff598bAssign role (for example Reader=acdd72a7-3385-48ef-bd42-f606fba81ae7) for the service principal:
> az role assignment create --assignee-object-id ee75834e-756b-4df5-a961-8b636fff598b --role acdd72a7-3385-48ef-bd42-f606fba81ae7
4. To find the application go to 'Enterprise Applications' in Azure. In the dropdown 'Application type', choose 'All applications' and search for Ardoq. Assign role accordingly on for example the subscriptions you would like to load resources from.
5. Enter your Azure credentials, choose "Username/secret" authentication, and optionally narrow down the context to fetch data from:
The resources you can choose to import are:
Analysis service servers
App Service Plans
Availability sets
Disks
Hybrid machines
Load balancers
Locations
Managed clusters
Management groups
Microsoft SQL databases
Microsoft SQL managed databases
Microsoft SQL managed instances
Microsoft SQL servers
Network security groups
Network security rules
Resource groups
SQL databases
SQL servers
SQL virtual clusters
SQL virtual machines
Subscriptions
Tag values
Tags
Virtual machine extensions
Virtual machines
Virtual network subnets
Virtual networks
Zones
Notes:
It is recommended to select only the resource types that you will be using as it will be much faster to load.
Please reach out to Ardoq Support to enable Azure Subscriptions for data import for you.
6. Click on the Fetch data button in the top right corner of the page.
7. Select a table to configure its columns, and navigate to Components. Although all Azure tables contain components, references can be created using column configurations. See the 'Create references' section below for a step-by-step guide on how to create references.
8. Select the Ardoq workspace to import the table into. You can either select an existing workspace or type a name to create a new one.
9. Configure the columns to map the values to the correct Ardoq concepts.
10. Click the Test Import button to get a summary of what the import result will be.
11. Finally, click the Import All button to execute the actual import.
Create references
A) Create a reference based on the Sys ID
Column type: To create a reference, select the Reference type.
Workspace: This is the workspace where the referenced component exists or will exist after import.
Type: This is the reference type, for instance, Uses, Implicit, etc.
Format: Select Custom ID to reference by the target components' sys_id field.
Field name: The name of the field on the target components which contains its sys_id.
B) Create a reference based on the component name
Follow the same steps as above, only that for Format select Component path instead. This will create references based on the name of the targeted components.
How To Schedule Your Import
After a successful test run, you have the option to schedule your import. You can choose to import on a daily or weekly basis.
Click the "Create schedule" button in the "Test summary" page.
Next, give a name to your import and select an interval.
Click "Save schedule" to activate your schedule.
To view all of your active schedules and manage them, navigate to the "Schedule Management" tab.
FAQ
Why does the Resource Groups preview show all resource groups even though I have selected only a single resource group?
The Resource Group type is considered a special case as it will list all resource groups that the role has access to regardless of which you have selected.
Why is the save button greyed out?
It’s required to at least select/type in something in the “Create components in” field in the “Import Configuration” section. When the config is “savable” an icon should appear to the left of “Config management” like so:
When attempting to edit a saved import, note that the “Save” button will only be enabled if there are any changes done in the configuration. If nothing was changed the button will be disabled.
Unable to Authenticate While setting up the Integration.
For secret-based authentication, Please create an app in your tenant.
The following instruction should be relevant but can be a little outdated in a part of navigation to different Azure sections. In general, you should follow documentation by Microsoft, for example:
https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
One of the ways to set up is to create a secret and assign a Reader role at the subscription level as follows. Create app and client secret:
1. Log in Azure portal.
2. Open the “App registration” section and add a new app. For example, name it “Ardoq integration”.
3. Open “Authentication” and create Secret. After that, we can log in, but a list of regions etc will be empty. We can log in only, we do not have access to data.Assign Reader role on subscription level:
1. Open Subscriptions and click Subscription.
2. Open Access control.
3. Click Add in the Role assignment section, there are 3 fields to assign:
3.1 Role: Reader.
3.2 Assign access to: Azure AD user, group or service principal (it is the default value).
3.3 Select the application we created before.
3.4 Click Save. It may take some seconds for Azure to save changes, after that it should be possible to log in and read regions etc in Ardoq.