GUI Configuration

I like the Portal. Show me where to go...

Start by going to the Azure Portal.

Creating the Tuono Application

In the search bar at the top of the page, type in Azure Active Directory, then click on it:

Click the App registrations control in the left-hand pane:

Near the top of the screen, click the New registration button:

In the Register an Application page, enter Tuono as the application name.

This name can be changed, but please note that the documentation will refer to it as "Tuono" throughout.

You can accept the defaults for the remaining settings and click Register :

On the next screen you can see some properties of the application. You will need to make note of the Application (client) ID and the Directory (tenant) id - in the screenshot below, the Application (client) ID is circled and the tenant identifier is immediately below that:

Generating a Secret

Tuono needs a secret to be generated. This grants access to this application in your organization. Click on Certificates & secrets **:

Then click on New client secret :

We suggest you set the description to Tuono Access and choose an expiration. Tuono will not be aware of the expiration date, so we recommend you manually manage Tuono's access to your organization and set expiration to Never - the example picture shows in 1 year - then click the Add button to generate a secret:

This is the only time you will be able to obtain the secret key. Store it in a safe and secure location. If you loose this, you will need to recreate the user and update the affected Tuono credentials.

Grant Access to Subscriptions

In Azure, a subscription is essentially a billable account. You must grant Tuono (static, dynamic credentialing) or user (short-term credentialing) sufficient access to at least one of your subscriptions. Each Tuono credential is bound to one subscription, however you can have multiple credentials in your Tuono organization. To begin, go to the search bar at the top of the Azure Portal and enter Subscriptions, then click on the link:

Select a subscription and record the Subscription ID :

Now click on the subscription name to modify the properties:

Locate the Access control (IAM) link in the left-hand pane and click on it, then locate the Add a role assignment and click on Add:

Assign Tuono a role in the subscription if you are using Dynamic or Static credentialing.

1. For Dynamic credentialing, grant an Owner role.

2. For Static credentialing, grant a Contributor role.

Assign one or more users a role in the subscription if you are using short-term credentialing. You do not need to assign Tuono a role in the subscription if you are using short-term credentialing.

In the Assign access to field enter Tuono, then click Save:

If you require Short-Term Credentialing, please follow the additional steps here.

If you require Dynamic Credentialing, please follow the additional steps here.

If you are happy with Static Credentialing, then head straight here to add them to the Tuono Portal.