
Azure Administration Guide

Creating an Azure Fabric connector using service principal


To create an Azure Fabric connector:
  1. Log in to the FortiGate-VM in a browser.
  2. Go to Security Fabric > Fabric Connectors. Click Create New.
  3. Under Public SDN, select Microsoft Azure.
  4. In the Name field, enter the desired name.
  5. In another browser tab, go to the Azure portal. The values the Azure Fabric connector requires (the tenant ID, the client ID, and the client secret) all come from the Azure portal. First, find the tenant and client IDs:
    1. In the Azure portal, search for active directory. Click the Azure Active Directory service.

    2. Go to App registration.
    3. Click New registration.
    4. In the Name field, enter the desired name. In this example, the name is fgtsdn.
    5. Click Register.
    6. The overview of the newly created app registration shows the tenant and client IDs that the Azure Fabric connector requires. In FortiOS, enter the Directory (tenant) ID value in the Tenant ID field and the Application (client) ID value in the Client ID field.

  6. Assign a role to the fgtsdn application:
    1. In the Azure portal, search for subscriptions, then open the subscription that will be the scope of the role assignment for this application.
    2. Click Pay-As-You-Go.
    3. Go to Access control (IAM).
    4. Click Add role assignment.
    5. From the Role dropdown list, select Contributor.
    6. In the Select field, enter the app name. In this example, it is fgtsdn.
    7. Click Save.
  7. Generate the client secret value:
    1. Repeat steps 5a-b to return to App registrations.
    2. Click the fgtsdn application.
    3. Go to Certificates & secrets.
    4. Click the New client secret button.
    5. In the Description field, enter the desired description.
    6. Under Expires, select the desired expiry period.
    7. Click Add.
  8. Copy the newly created client secret value into the Client secret field in FortiOS.

  9. Click OK. Wait until the Azure Fabric connector displays a green arrow before proceeding.
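The following Python script is an added example and is not part of the Fortinet guide. It shows offline what the three values collected above are used for (the tenant ID, client ID and client secret are the inputs to an OAuth2 client-credentials token request against Azure Resource Manager) and gives an administrator two checks on the result of steps 6 and 7: that the service principal holds the Contributor role at the subscription and nothing broader, and how many days remain before each client secret expires. All GUIDs, the service principal object ID and the JSON samples are constructed for the example; the JSON shapes are assumed to follow the output of `az role assignment list -o json` and `az ad app show -o json`.

```python
import re
import urllib.parse
from datetime import datetime, timezone

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
ARM_SCOPE = "https://management.azure.com/.default"
# Roles that let an identity grant itself further rights; any such assignment
# to the connector's service principal is reported regardless of scope.
ESCALATION_ROLES = {"Owner", "User Access Administrator"}


def build_token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials request a service-principal client sends to
    obtain an Azure Resource Manager token. Returns (url, form_body)."""
    for name, value in (("tenant ID", tenant_id), ("client ID", client_id)):
        if not GUID_RE.match(value):
            raise ValueError(f"{name} is not a GUID: {value!r}")
    if not client_secret:
        raise ValueError("client secret is empty (copy the secret value, not its ID)")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": ARM_SCOPE,
    })
    return url, body


def audit_role_assignments(assignments, principal_id, subscription_id,
                           expected_role="Contributor"):
    """Report every assignment on the service principal other than the one the
    procedure grants (expected_role at the subscription), plus a finding if
    that expected assignment is missing. Assignments for other identities are
    ignored. Assumed input shape: `az role assignment list -o json`."""
    expected_scope = f"/subscriptions/{subscription_id}"
    findings, matched = [], False
    for a in assignments:
        if a.get("principalId") != principal_id:
            continue
        role, scope = a.get("roleDefinitionName"), a.get("scope", "")
        if role == expected_role and scope == expected_scope:
            matched = True
        elif role in ESCALATION_ROLES:
            findings.append(f"{role} at {scope}: can grant itself further rights")
        elif scope == expected_scope or scope.startswith(expected_scope + "/"):
            findings.append(f"{role} at {scope}: not part of the documented setup")
        else:
            findings.append(f"{role} at {scope}: outside the documented subscription")
    if not matched:
        findings.append(f"missing: {expected_role} at {expected_scope}")
    return findings


def secret_days_remaining(app, now=None):
    """Days until each client secret on the app registration expires, keyed by
    keyId. Assumed input shape: `az ad app show -o json`, where
    passwordCredentials[].endDateTime is ISO 8601 with a trailing Z."""
    now = now or datetime.now(timezone.utc)
    out = {}
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        out[cred["keyId"]] = (end - now).days
    return out


# Constructed sample values (not real identifiers).
TENANT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"
SUBSCRIPTION_ID = "33333333-3333-3333-3333-333333333333"
SP_OBJECT_ID = "44444444-4444-4444-4444-444444444444"
SAMPLE_ASSIGNMENTS = [
    {"principalId": SP_OBJECT_ID, "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUBSCRIPTION_ID}"},
    {"principalId": SP_OBJECT_ID, "roleDefinitionName": "Owner", "scope": "/"},
    {"principalId": "55555555-5555-5555-5555-555555555555",
     "roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUBSCRIPTION_ID}"},
]
SAMPLE_APP = {"displayName": "fgtsdn", "passwordCredentials": [
    {"keyId": "aaaaaaaa-0000-0000-0000-000000000001", "displayName": "fortigate",
     "endDateTime": "2024-08-30T00:00:00Z"},
    {"keyId": "aaaaaaaa-0000-0000-0000-000000000002", "displayName": "old",
     "endDateTime": "2024-06-10T00:00:00Z"},
]}
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    url, body = build_token_request(TENANT_ID, CLIENT_ID, "constructed-secret")
    print("token endpoint:", url)
    for f in audit_role_assignments(SAMPLE_ASSIGNMENTS, SP_OBJECT_ID, SUBSCRIPTION_ID):
        print("finding:", f)
    for key_id, days in secret_days_remaining(SAMPLE_APP, SAMPLE_NOW).items():
        print(f"secret {key_id}: {days} days left")
```

On a live tenant the two audit functions would be fed the JSON from `az role assignment list --assignee <client ID> --all -o json` and `az ad app show --id <client ID> -o json`; with the constructed samples the audit reports the extra Owner assignment at the tenant root, and the expiry check shows the second secret has only nine days left, which is the signal to rotate it (step 7) before the connector loses access.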