Microsoft Azure

target azure


The following object illustrates how to securely pass your Azure API credentials within a config.




the Azure subscription id


the Azure directory tenant id


the Azure application client id


the Azure client secret

Application & Subscription-Scoped RBAC

A prerequisite to using Azure as an orchestration target with Provide is registering a directory application and assigning the appropriate permissions via a custom role. This role should be created using the Access control (IAM) tool located within the Azure Subscriptions service. A sample role definition has been provided; you will need to update the assignableScopes section provided in the sample JSON with your subscription scope.

  "properties": {
    "roleName": "Provide Azure Role",
    "description": "permissions granted to Azure applications for use with Provide",
    "assignableScopes": [
    "permissions": [
        "actions": [
        "notActions": [],
        "dataActions": [],
        "notDataActions": []

Register a new single-tenant application within the Azure Active Directory service, create a custom role (as describe above) and assign the role to the registered application.

Last updated