Fortinet white logo
Fortinet white logo

Online Help

Add Azure Account: CANNOT ADD Subscription Status

Add Azure Account: CANNOT ADD Subscription Status

Background

In order for the Azure AD subscription ID to add to FortiCWP, the Subscription ID needs to provide the minimum read access to FortiCWP thus letting FortiCWP to be able to read the resources under the Subscription. If the subscription was not created by the master account or if it was not assigned with a role, it will be shown as CANNOT ADD status on FortiCWP. Please follow the steps below to add Reader, Owner, or User Access Administrator role to the Subscription.

  1. From Azure console page, search and click on Subscriptions.
  2. Click on the Subscription that is shown as CANNOT ADD status on FortiCWP.
  3. In the Subscription menu, click on Access control (IAM).
  4. '

  5. Click on + Add and select "Add role assignment".
  6. In Add role assignment drop down menu, click on Select a role and select Reader, Owner, or User Access Administrator.
  7. Leave Assign access to as "Azure AD user, group, or service principal".
  8. In Select field, search and select a member (user account) that will be associated with the role.
  9. The member (user account) should have a Global Administrator role, Application Administrator + Global Reader roles, or Cloud Application Administrator + Global Reader roles as stated in the Perquisite.
  10. Click Save to finish creating the Reader role.

Add Azure Account: CANNOT ADD Subscription Status

Add Azure Account: CANNOT ADD Subscription Status

Background

In order for the Azure AD subscription ID to add to FortiCWP, the Subscription ID needs to provide the minimum read access to FortiCWP thus letting FortiCWP to be able to read the resources under the Subscription. If the subscription was not created by the master account or if it was not assigned with a role, it will be shown as CANNOT ADD status on FortiCWP. Please follow the steps below to add Reader, Owner, or User Access Administrator role to the Subscription.

  1. From Azure console page, search and click on Subscriptions.
  2. Click on the Subscription that is shown as CANNOT ADD status on FortiCWP.
  3. In the Subscription menu, click on Access control (IAM).
  4. '

  5. Click on + Add and select "Add role assignment".
  6. In Add role assignment drop down menu, click on Select a role and select Reader, Owner, or User Access Administrator.
  7. Leave Assign access to as "Azure AD user, group, or service principal".
  8. In Select field, search and select a member (user account) that will be associated with the role.
  9. The member (user account) should have a Global Administrator role, Application Administrator + Global Reader roles, or Cloud Application Administrator + Global Reader roles as stated in the Perquisite.
  10. Click Save to finish creating the Reader role.