(Optional) Create an App registration
This task is only required when the FortiSandbox instance uses the Service Principal method to communicate with the Azure platform.
To create an App registration:
- Log in to the Azure portal.
- Go to Azure Active Directory > App registrations and click New registration.
- Register a new application.
  - Name: Enter the application display name.
  - Supported account types: Select Accounts in this organizational directory only (Default Directory only – Single tenant).
  - Redirect URI: This section is optional.
- Go to Manage > App Roles.
- Click Create app role and configure the following settings:
  - Display name: Enter the display name for the app role.
  - Allowed member types: Select Both (Users/Groups + Applications).
- Go to Manage > Certificates & secrets and click New client secret.
- Go to API permissions. As a minimum requirement, the following items should be granted API permissions.
  For items:
  - Azure Service Management: This is for managing deployments, hosted services, and storage accounts.
  - Azure Storage: This is for programmatic access to the Blob, Queue, Table, and File services in Azure or in the development environment via the storage emulator.
    - Click Add a permission.
    - Click the item name.
    - Click the Delegated permission tab.
    - Select user_impersonation.
    - Click Add permissions.
  For Microsoft Graph:
  - Files ReadWrite: This allows FortiSandbox to read, create, update, and delete the signed-in user's files.
  - User Read: This allows FortiSandbox to read the signed-in user's information.
    - Click Add a permission.
    - Click the item name.
    - Click the Delegated permission tab.
    - Select the permissions.
    - Click Add permissions.
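
After the permissions are added, the configured set can be compared against the minimum listed above to catch missing or surplus grants. The following is an added example, not part of the FortiSandbox documentation; the record layout (`api`, `permission`, `type`) is hypothetical, and `Files.ReadWrite` and `User.Read` are assumed to be the Microsoft Graph identifiers for the entries listed as "Files ReadWrite" and "User Read".

```python
"""Least-privilege check for the app registration's API permissions."""

# Minimum set from the procedure above; all are delegated permissions.
# Assumption: "Files.ReadWrite" and "User.Read" are the Microsoft Graph
# identifiers for the page's "Files ReadWrite" and "User Read" entries.
BASELINE = {
    ("azure service management", "user_impersonation"),
    ("azure storage", "user_impersonation"),
    ("microsoft graph", "files.readwrite"),
    ("microsoft graph", "user.read"),
}


def audit_permissions(configured):
    """Return baseline entries that are missing and entries beyond the baseline.

    `configured` is a list of dicts with the keys "api", "permission" and
    "type" ("Delegated" or "Application"); this record layout is hypothetical.
    """
    granted = set()
    extra = []
    for entry in configured:
        key = (entry["api"].strip().lower(), entry["permission"].strip().lower())
        delegated = entry["type"].strip().lower() == "delegated"
        if key in BASELINE and delegated:
            granted.add(key)
        else:
            # Outside the baseline, or a baseline name granted as an
            # application permission instead of a delegated one.
            extra.append((entry["api"], entry["permission"], entry["type"]))
    return {"missing": sorted(BASELINE - granted), "extra": sorted(extra)}


# Constructed sample input, not taken from a real tenant.
SAMPLE = [
    {"api": "Azure Service Management", "permission": "user_impersonation", "type": "Delegated"},
    {"api": "Microsoft Graph", "permission": "User.Read", "type": "Delegated"},
    {"api": "Microsoft Graph", "permission": "Files.ReadWrite.All", "type": "Delegated"},
    {"api": "Microsoft Graph", "permission": "Directory.Read.All", "type": "Application"},
]

if __name__ == "__main__":
    report = audit_permissions(SAMPLE)
    for api, perm in report["missing"]:
        print(f"MISSING  {api}: {perm}")
    for api, perm, ptype in report["extra"]:
        print(f"EXTRA    {api}: {perm} ({ptype})")
```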