Follow

Creating Credentials for Azure Integration

BMC TrueSight Pulse integrates with Microsoft Azure to collect and display metrics from an Azure service. Follow the procedures in this topic to get the IDs and keys required to access Azure from TrueSight Pulse.

For a detailed video of these steps please see the following link.

Before you begin

You need the Global Admin role for performing these tasks. Request your admin for access. 

You must already have an application. Alternatively, create an application in Azure by following the steps given below:

  1. Navigate to https://manage.windowsazure.com
  2. Select Active Directory from the navigation pane and then click Default Directory from the list.
  3. Select the Applications tab and click Add
    1. Select Add an application my organization is developing
    2. Type a Name for the application, and select Web Application And/Or Web API
    3. Type https://truesight.bmc.com for the Sign-on URL, APP ID URI, and Reply URL.

Getting the client ID, client secret, and the tenant ID

Tip

Follow this procedure to get the details required by TrueSight Pulse to integrate with Microsoft Azure. For more information, refer to the Azure documentation.

  1. Navigate to https://manage.windowsazure.com
  2. Select Active Directory from the navigation pane.
  3. Click Default directory from the list.
  4. Click the Applications link, and select your application.
  5. From the Configure section, select Access Web APIs in other applications.
  6. Copy the ID from the Update your code with your client ID field to the clipboard.

    Tip

    Paste the client ID to a notepad file.

  7. From the Create a key field, click Configure key to generate a key that can be used to access the Microsoft Azure Active Directory web APIs.
    1. Select the duration from the drop-down list
    2. The permissions to other applications section should have Windows Azure Active Directory.
      • From the Application Permissions drop-down list, select:
        • Read and write devices
        • Read and write directory data
        • Read and write domains
        • Read directory data.
      • From the Delegated Permissions drop-down list, select:
        • Read all users' basic profiles
        • Read all users' full profiles
        • Read all groups
        • Read and write all groups
        • Read and write directory data
        • Read directory data.
    3. Click Add application, and select Windows Azure Service Management API.
      • Ensure no value is selected from the Application Permissions drop-down list.
      • From the Delegated Permissions drop-down list, select Access Azure Service Management as organiza...
    4. Click Save to generate and display the value for the client secret

      Attention

      Copy and paste the client secret to a notepad file. You will not be able to access the client secret after you leave the page.

  8. Click View endpoints to get a list of the App Endpoints.
  9. Copy the value from any of the fields to the clipboard. This is the endpoint used to obtain the tenant ID.

    Tip

    Paste the tenant ID in a notepad file. For example, if https://login.microsoftonline.com/random-setofcharacters-denoting-a-tenantID/oauth2/authorize is the value, you must copy and paste the highlighted section of the URL.

Adding owners for the application

  1. Navigate to https://manage.windowsazure.com > Active Directory > Default Directory > Applications > Select the Application
  2. Click the Owners link from the top of the page.
  3. Click Add owners
  4. From the list, select the owners you want to add for the application

Associating the required roles for the application

  1. Navigate to https://portal.azure.com

    Note

    You must enable Diagnostics for VMs to collect metrics.  For more information, see https://blogs.technet.microsoft.com/canitpro/2016/05/31/step-by-step-enable-diagnostics-on-an-azure-virtual-machine

  2.  From the navigation pane, click Subscriptions
  3. From the Subscriptions page, double-click the Subscription ID or click Subscription Name.

    Tip

    If you want to monitor multiple subscriptions, you will need to follow this procedure for each of those subscriptions.

  4. From the Settings pane, click Access control (IAM)
  5. Click Add, and select one role at a time:
    • Owner
    • Reader
    • Classic Storage Account Contributor
    • Storage Account Contributor
  6. Search the name of the application that you created for integrating with TrueSight Pulse, and associate it to the selected role.
  7. Repeat Step 5 and 6 for each of the roles listed in Step 5.

Result

The following is expected:

  • The data will appear in TrueSight Pulse after five to ten minutes
  • The configuration for the application is updated
  • Owners are added to the application
  • Required roles are assigned to the owners
Have more questions? Submit a request