๐Ÿ”— Supported Cloud Objects๐Ÿ”— Portal๐Ÿ”— REST API๐Ÿ”— tuono.com

Additional Steps for Short-Term Credentials

The following steps are only required for Short-Term Credentials.

With short-term credentialing, you grant individual users the right to use the Tuono application in your organization, and then grant specific users the right to make changes in specific subscriptions. To properly enable short-term credentialing:

  1. Search for Enterprise Applications in the search box at the top of the page and click on it.

  2. Click on the Tuono application.

  3. Under Properties, set User assignment required? to Yes.

  4. Set Visible to users? to No. Note: This is optional, but recommended.

  5. Click on the Save **button at the top to save those changes.

  6. Under Users and groups, add the users you want to have access to Tuono services.

  7. Search for App registrations in the search box at the top of the page and click on it.

  8. Click on the Tuono application.

  9. Under Authentication, in the Platform configurations section, click on Add a platform. Select Single-page application. Put the following two entries into the Redirect URI:

        https://portal.tuono.io/azure-auth

    https://portal.tuono.io/

  10. Click the Configure button.

  11. In the Implicit grant **section - below _Logout URL**_ - make sure both of the check boxes are checked.

  12. Click on the Save button at the top to save those changes.

  13. Under API permissions click on Add a permission and select Delegated "Azure Service Management" and check the box next to user_impersonation. This permission allows your users to authenticate with their own credentials and use Tuono to provision cloud resources on their behalf.

  14. Under API permissions click on Add a permission and select Delegated "Azure Key Vault" and check the box next to "user_impersonation". This permission allows your users to authenticate with their own credentials and use Tuono to provision cloud resources on their behalf.

  15. Under API permissions click on Add a permission and select Delegated "Microsoft Graph" and check the box next to Application.Read.All. This permission allows the app to read applications and service principals on behalf of the signed-in user.

  16. Click on Grant admin consent for Default Directory and then Yes.

If you have completed your configuration for Short-Term Credentialing, then head straight here to add them to the Tuono Portal.

PreviousGUI ConfigurationNextAdditional Steps for Dynamic Credentials

Last updated

Was this helpful?