Contents x
    Service Principal Management
    • 21 Jan 2025
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Service Principal Management

    • Updated on 21 Jan 2025
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Introduction

    The first step in getting started with Cost Analyzer in Turbo360 is to add a Service Principal with reader access.

    0.png

    Service Principal is an application within Azure Active Directory, which is authorized to access resources in Azure Stack.

    Turbo360 uses the authentication tokens of the Service Principal to manage the resources.

    Client secret expiry

    • Turbo360 allows users to configure the same date as the Azure portal to notify users 7 days before the expiration date to change the Client secret.

    • Users can change the Client secret expiry date when adding or editing a Service Principal during Service Principal management.

    Add a Service Principal

    1. Navigate to Service principals section and click Add.
    2. Users can reuse any existing Service Principal or add a new one by clicking the available checkbox.
    3. Provide a name and Subscription information such as Tenant id, Client id, and Client secret expiration date.

    1.png

    1. Click Validate.
    2. Upon successful validation, click Next.
    3. The next step involves providing access to the Cost Management group. Users can opt to enable the subscription checkbox to provide complete access to the resource groups within it or enable the subscription checkbox and assign a specific resource group for limited access to the Cost Management group.

    Access policy.png

    1. Next within Select scope, users can define the scope for the chosen subscription by selecting filters such as resource types, tags, and more.

    4.png

    1. Choose the Cost Management group to grant access to the selected subscriptions.

    By collectively choosing subscriptions and clicking Bulk selection, it is possible to grant access for multiple subscriptions to similar cost management groups at once.

    1. Click Add.

    Update a Service Principal

    By editing an exisiting service principal, the user can modify the client secret and set its expiration date. Additionally, the access policy and automation rules for scope automation can also be managed.

    Edit sp.png

    Scope automation

    Scopes for Cost Management groups can be defined automatically by setting up automation rules based on the subscription names, granting access to respective groups.

    1. Go to Service principals section and Edit a Service principal to which the automation rules are to be configured.
    2. Validate the credentials and proceed to Access policy screen.
    3. Enable the toggle: "Apply the access policy across all new and existing subscriptions within the service principal. "
    4. Click Configure rule -> Add rule .

    Scope automation.png

    1. Define a condition and configure scope to automatically provide access to a Subscription for Cost Management groups. Any new or existing subscriptions that meet the specified rule will gain access to the configured scopes.

    Access policy rule configuration.png

    1. Click Save.
    2. Click Update to finish setting up the automation rules.

    Remove a Service Principal

    1. Click Delete icon next to the desired Service Principal in Service principals section
    2. Click Delete in the confirmation box

    8.png

    Was this article helpful?
    What's Next
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence