(Optional) Create an App registration


This task is only required when the FortiSandbox instance uses the Service Principal method to communicate with the Azure platform.

To create an App registration:
  1. Log in to the Azure portal.
  2. Go to Azure Active Directory > App registrations and click New registration.

  3. Register a new application.
    Name: Enter the application display name.
    Supported account types: Select Accounts in this organizational directory only (Default Directory only – Single tenant).
    Redirect URI: This section is optional.

  4. Go to Manage > App Roles.

  5. Click Create app role and configure the following settings:

    Display name: Enter the display name for the app role.
    Allowed member types: Select Both (Users/Groups + Applications).

  6. Go to Manage > Certificates & secrets and click New client secret.

  7. Go to API permissions. As a minimum requirement, the following items should be granted API permissions.

    For the following items:

    Azure Service Management: This is for managing deployments, hosted services, and storage accounts.
    Azure Storage: This is for programmatic access to the Blob, Queue, Table, and File services in Azure or in the development environment via the storage emulator.

    1. Click Add a permission.
    2. Click the item name.
    3. Click the Delegated permission tab.
    4. Select user_impersonation.
    5. Click Add permissions.

    For Microsoft Graph:

    Files (ReadWrite): This allows FortiSandbox to read, create, update, and delete the signed-in user's files.
    User (Read): This allows FortiSandbox to read the signed-in user's information.

    1. Click Add a permission.
    2. Click the item name.
    3. Click the Delegated permission tab.
    4. Select the permissions.
    5. Click Add permissions.
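
The following is an added example, not part of the Fortinet documentation: a least-privilege check that compares an app registration against the single-tenant setting from step 3 and the minimum delegated permissions from step 7. The input layout is an assumption (a constructed, name-resolved summary; the real manifest identifies APIs and scopes by GUID), and the Graph permissions are written in Graph's dotted form (Files.ReadWrite, User.Read).

```python
# Added example: audit a name-resolved summary of an app registration against
# the minimum delegated permissions listed in the steps above.
# ASSUMPTION: the input layout (api / permission / type) is a constructed,
# name-resolved view; the real manifest identifies APIs and scopes by GUID.

# Minimum set from this page: (API, delegated permission)
REQUIRED = {
    ("Azure Service Management", "user_impersonation"),
    ("Azure Storage", "user_impersonation"),
    ("Microsoft Graph", "Files.ReadWrite"),
    ("Microsoft Graph", "User.Read"),
}

def audit(app):
    """Return a sorted list of findings; an empty list means the app matches."""
    findings = []
    # Step 3: single tenant only. "AzureADMyOrg" is the manifest value for it.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("audience: not single tenant")
    granted = set()
    for p in app.get("permissions", []):
        key = (p["api"], p["permission"])
        # "Scope" = delegated permission, "Role" = application permission.
        if p["type"] != "Scope":
            findings.append(f"not delegated: {key[0]}/{key[1]}")
            continue
        granted.add(key)
    findings += [f"missing: {a}/{s}" for a, s in REQUIRED - granted]
    # Anything beyond the page's minimum is listed for review, not as an error.
    findings += [f"excess: {a}/{s}" for a, s in granted - REQUIRED]
    return sorted(findings)

# Constructed sample: one required scope missing, one extra, one app-only grant.
SAMPLE = {
    "signInAudience": "AzureADMultipleOrgs",
    "permissions": [
        {"api": "Azure Service Management", "permission": "user_impersonation", "type": "Scope"},
        {"api": "Azure Storage", "permission": "user_impersonation", "type": "Scope"},
        {"api": "Microsoft Graph", "permission": "User.Read", "type": "Scope"},
        {"api": "Microsoft Graph", "permission": "Mail.Read", "type": "Scope"},
        {"api": "Microsoft Graph", "permission": "Files.ReadWrite.All", "type": "Role"},
    ],
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```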
