Azure Access Management
Grant admin consent
You need to grant admin consent in your own Azure tenant for the Spotter app, which is registered in the Cloud2 Azure tenant. The consent workflow creates an instance of the Spotter app (a service principal) in your tenant; you will find it under Enterprise Applications.
Consent workflow
To grant admin consent, the user completing this guide needs the Global Administrator role in Azure AD. We use the admin consent URL strategy for authentication.
Be mindful of possible device authentication failures (for example Conditional Access policies that require a compliant or hybrid-joined device); a private browser window avoids picking up a session from another tenant.
1. Open a new browser window, preferably in private browsing mode.
2. Replace YOUR_TENANT_ID_HERE in the following URL with your Azure AD tenant ID, open it, and grant consent with your Global Administrator account:
CODEhttps://login.microsoftonline.com/YOUR_TENANT_ID_HERE/adminconsent?client_id=08b8b2cc-48f0-4ce1-8323-411cba07eb78&state=54321&redirect_uri=https://spotter.cloud2.fi/azure-admin-consent
3. Verify under Enterprise Applications that you can see Spotter. The redirect_uri is the Cloud2 endpoint that receives the consent result; check that the URL you open carries exactly the client_id and redirect_uri shown here.
Assign permissions to Spotter
To assign a role, you need to be an Owner (or User Access Administrator) at the scope of the assignment. If you are a Global Administrator, you can elevate your access to the User Access Administrator role at the root scope to see all management groups and subscriptions. See how to elevate access.
If you use management groups and want data from all your subscriptions, assign the Reader role to Spotter at the management group that governs all the subscriptions; the assignment is inherited by every subscription underneath it.
Alternatively, assign the Reader role at the subscription scope, subscription by subscription. This lets you leave individual subscriptions out of scope if needed.
You can add role assignments from the Access Control (IAM) blade of the management group or subscription.
The Spotter enterprise application is the application's identity (service principal) within your directory (Azure AD). A service principal can only be assigned access within the directory it exists in, and by default it has no access to anything until you grant it.
The Spotter enterprise application needs Reader rights on the subscriptions you want to be visible in Spotter. Reader is a control-plane role: it can list and view resources and their configuration but cannot modify them and does not grant data-plane access to customer data such as storage contents or database rows. (MS documentation about reader rights)
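The whole procedure above (open the consent URL, verify that the enterprise application exists, assign Reader at management group or subscription scope, and confirm the principal holds nothing more) as a scripted walk-through with the Az PowerShell module. This is an added example, not Cloud2's or Spotter's own tooling; the tenant ID, management group ID and subscription IDs are placeholders you must fill in, and the client_id is the Spotter application ID taken from the consent URL above. If you assign at management group scope as a Global Administrator, elevate your access first (see above), otherwise New-AzRoleAssignment fails with an authorization error.

```powershell
#Requires -Modules Az.Accounts, Az.Resources
# Added example (not part of the Spotter documentation): grant admin consent for Spotter
# and assign it the Reader role. Placeholders below are assumptions you must replace.

$TenantId          = "00000000-0000-0000-0000-000000000000"   # placeholder: your Azure AD tenant ID
$SpotterAppId      = "08b8b2cc-48f0-4ce1-8323-411cba07eb78"   # Spotter client_id from the consent URL
$ManagementGroupId = "my-root-mg"                             # placeholder: MG governing all subscriptions, or $null
$SubscriptionIds   = @()                                      # placeholder: use instead of (or in addition to) the MG

# 1. Admin consent: the same URL as above, opened as Global Administrator in a private window.
$consentUrl = "https://login.microsoftonline.com/$TenantId/adminconsent" +
              "?client_id=$SpotterAppId&state=54321" +
              "&redirect_uri=https://spotter.cloud2.fi/azure-admin-consent"
Write-Host "Open this URL in a private browser window and consent as Global Administrator:`n$consentUrl"
Read-Host "Press Enter once consent has been granted" | Out-Null

# 2. Verify the enterprise application (service principal) now exists in your tenant.
Connect-AzAccount -TenantId $TenantId | Out-Null
$sp = Get-AzADServicePrincipal -ApplicationId $SpotterAppId
if (-not $sp) {
    throw "Spotter service principal not found: consent did not complete or directory replication is still pending. Retry in a minute."
}
Write-Host "Found enterprise app '$($sp.DisplayName)' with object ID $($sp.Id)"

# 3. Build the assignment scopes: one management group (inherited by all its subscriptions)
#    and/or individual subscriptions to scope Spotter down.
$scopes = @()
if ($ManagementGroupId) {
    $scopes += "/providers/Microsoft.Management/managementGroups/$ManagementGroupId"
}
foreach ($subId in $SubscriptionIds) {
    $scopes += "/subscriptions/$subId"
}
if ($scopes.Count -eq 0) { throw "Set ManagementGroupId or SubscriptionIds before running." }

# 4. Assign Reader (control-plane read only) at each scope, skipping scopes that already have it.
#    Get-AzRoleAssignment -Scope also returns inherited assignments, so filter on the exact scope.
foreach ($scope in $scopes) {
    $existing = Get-AzRoleAssignment -ObjectId $sp.Id -Scope $scope -RoleDefinitionName Reader -ErrorAction SilentlyContinue |
                Where-Object { $_.Scope -eq $scope }
    if ($existing) {
        Write-Host "Reader already assigned at $scope"
    } else {
        New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName Reader -Scope $scope | Out-Null
        Write-Host "Assigned Reader at $scope"
    }
}

# 5. Least-privilege check: list everything the principal holds. Anything other than Reader
#    at the scopes chosen above was not required by this guide and deserves a second look.
Get-AzRoleAssignment -ObjectId $sp.Id |
    Select-Object RoleDefinitionName, Scope |
    Format-Table -AutoSize
```

Run it with `pwsh` (or Windows PowerShell) after installing the Az module. Step 2 is the scripted equivalent of checking Enterprise Applications in the portal; step 5 is worth re-running periodically, since the role assignments are the only thing that turns the otherwise powerless service principal into something that can read your subscriptions.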

