Granting enterprise applications access to your Virtual Machines

Assumptions: You have an enterprise application created within the Azure portal. If not, follow steps 1-8 on this page.

You will need to assign your application a role within the subscription that contains the Virtual Machines you wish to manage. This role will need to have permission to manage Virtual Machines. Examples of these roles are Virtual Machine Contributor, Classic Virtual Machine Contributor, or a custom/admin role.

1. Sign in to portal.azure.com and navigate to the Subscriptions page.

2. Click on the Subscription that you want to assign your app to.

   Open

   

3. In the left panel, select Access control (IAM) and in the center display click on the Role assignments tab.

   Open

   

4. In the toolbar above, click on Add → Add role assignment

5. Now search for and select the role that will have permission to manage the Virtual Machines. In this example, the Virtual Machine Contributor role will be used. Then click Next.

6. In the Members tab, click on Select members and search for the application you wish to use. This is the same application that must be configured as an Azure cloud instance on FlexDeploy. See Configure cloud account (Please note that the Test Connection might not work until after it is assigned a role on the subscription). Now select the application to add it to the Selected members section of the panel and click the Select button to finalize. Lastly, click on the Review + assign button after selecting members. It should be clickable after adding at least one member.

7. Click on the Review + assign button again and now the application should be successfully assigned to a role within the subscription.

8. Going back to the Role assignments tab under Access control (IAM) on the subscription, the new role should show up along with the application as a member.