Versions Compared

Version Old Version 9 New Version Current
Changes made by

MS

MS

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

Table of Contents

Introduction

To work with Azure ARM Microsoft Partner Center in Abiquo, you'll need to add pricing credentials to your Abiquo enterprise. You can add one set of credentials from a subscription to one Abiquo enterprise onlyreseller enterprise.

  1. Create an

...

  1. You may require separate credentials for some groups of regions, for example, regions in China.

...

  1. Application with the following Azure attributes:

...

    1. Application (client) ID

    2. Directory (tenant) ID

    3. Application password

  2. Follow this guide to

...

  1. give consent for the Application to work

...

  1. with:

    1. AccessToken

    2. RefreshToken

Note

Abiquo provides these instructions as a guide only and we update them occasionally. 

Abiquo recommends that customers follow the instructions of the cloud provider, for example, at the time of writing for Azure:

...

Obtain details of your Azure subscription

To obtain details of your Azure subscription, do the following steps.

...

Click on your subscription

Info
titleTroubleshooting

If the subscription does not display, check that you have selected the correct directory. Click on the directory name in the top right corner. From here you can switch directory

Image Removed

...

Save the Subscription ID to enter in the Abiquo credentials.

...

Create an ARM application using Azure

...

Abiquo uses the ARM application ID to access the ARM API and compute features.

Info

To use the platform's billing features only (without the compute features), you do not need an ARM application. See Add credentials of reseller customers for billing only

...

portal

  1. Log in to the Azure portal using a user with Admin agent role

  2. In the Home view, under Azure services, click Azure Active Directory. Or in the search box, enter

...

  1.  Azure Active DirectorySelect Azure Active Directory.

...

  1. Select Azure Active DirectoryImage Added


  2. On the left, click App registrations

  3. Click New registration.

...

  1. Under App registrations, click New registrationImage Added

  2. To register the application, enter a Name, select the Supported account types (Account in any organizational directory), and enter a URL. If you know the URI of the partner consent service, enter it now. Or you can enter any URL and edit the application and change this value later. Click Register.

...

  1. Register the applicationImage Added

  2. Save the Application (client) ID and the Directory (tenant) ID, because you will need to configure them in Abiquo. Then click Certificates & secrets.

...

  1. Save the Application ID and Directory ID and go to Certificates and secretsImage Added

  2. To configure the password for the application, click New client secret, which will open the Add a client secret section. Enter a Description and an Expiry duration, then click Add.

...


  1. Add a client secretImage Added

    The Azure portal will display the application password ONCE ONLY. You must use this password in Abiquo, so make sure to save it, because Azure will not display it again.

...


  1. Obtain the App passwordImage Added

...

Go to the Subscriptions menu, select the subscription you want to associate the application with, and add a new permission for it with these steps.

  1. Select Access control (IAM)

  2. Click Add

  3. Click Add role assignment

  4. In the dialog, select the Contributor role, and in the Select box, enter the name of the application. Then click Save

    Image Removed

Go to the Subscriptions menu again and select Resource providers

...

Search for the Microsoft.Compute provider and click Register to add it for the subscription if it is not already added

...

Assign permissions to the App

After you create the App, go to API permissions and add the following permissions.

For each of the permissions:

  1. Click + Add

  2. Click the (tick) Grant for ... button

    1. Azure Service Management: user_impersonation

      Microsoft Graph: Application.ReadWrite.All, RoleManagement.ReadWrite.Directory

      Microsoft Partner: user_impersonation

      Microsoft Partner Center: user_impersonation

  3. After you add the permissions, and grant them for your account, the center of the screen should look as follows.

    Azure CSP API permissions for AppImage Added

  4. Add the application’s service principal to the Admin agents group in the CSP Partner’s Azure AD Active directory.

    You can search for Microsoft Partner and Microsoft Partner Center using their application IDs, which are 4990cffe-04e8-4e8b-808a-1175604b879f and fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd respectively, in the APIs my organization owns section.

Configure authorization for the use of Azure

...

ARM credentials in the multi-cloud platform

As Azure now requires multi-factor authentication for CSP credentials, you must authorize the use of your credentials in the multi-cloud platform to obtain your access and refresh tokens for use in pricing credentials

...

.

To create your own server to grant consent for the use of your Azure credentials, follow the instructions in the Azure documentation.

For general instructions, see https://docs.microsoft.com/en-us/partner-center/develop/partner-center-authentication#app--user-authentication and for Java instructions: https://docs.microsoft.com/en-us/partner-center/develop/partner-center-authentication#java-appuser-authentication.

To complete the configuration:

  1. Log in to the Azure portal

  2. Edit your Azure application

  3. In the Redirect URI, enter the URL of the partner consent service.

Generate new Azure access and refresh tokens for use in the multi-cloud platform

...

Add the Azure CSP pricing and billing credentials to Abiquo

Before you

...

begin:

  1. Your administrator must create at least one compatible public cloud region in Azure ARM

...

  2. They must allow your enterprise to access this region.

  3. Some regions may require separate credentials, for example regions in China, and you will need to obtain credentials and create these regions separately. See Create a public cloud region .

To

...

add pricing and billing credentials for CSP accounts:

  1. Edit the main tenant, and go to Credentials

...

  1. Pricing

  2. Add the pricing credentials in the following format

...

  1. :

...

  1. Code Block

...

  1. csp#dir-id#app-

...

  1. id#accessToken#refreshToken

    So enter the text csp#, the Directory (tenant) ID, Application (client) ID,

...

Add the Azure CSP pricing and billing credentials to Abiquo

Before you add credentials, your administrator must create at least one compatible public cloud region in Azure ARM, and allow your enterprise to access this region. Some regions may require separate credentials, for example regions in China, and you will need to obtain credentials and create these regions separately. See Create a public cloud region

For CSP accounts, the main tenant should add the pricing credentials in the following format:

Code Block
csp#dir-id#app-id#accessToken#refreshToken

This means you should enter the text "csp", Directory (tenant) ID, Application (client) ID, access token, and refresh token as a single string and separate each element with a '#'.

The customer tenants do not need to add pricing credentials. The platform will use the CSP credentials for the customer tenants in the hierarchy.

...

  1. access token, and refresh token as a single string and separate each element with a

...

Code Block
566058dd-80bc-4ccc-8d6e-e9ac00c4b4a1#8927a710-4f4d-4d11-811c-94c36e9b2c3f#fbb96b71-f92c-4f78-acf7-cd88bdee36b1

  1. # (number/hash character).

  2. Add billing enterprise properties in the reseller enterprise. The default values are as follows:

    1. azurecompute-arm_discount = 0

    2. azurecompute-arm_currency_code = USD

    3. billing.azure.country_code = US
      For more details, see Display Azure billing data.

  3. Go to PricingPrice factors and create price factors for the reseller enterprise. See Manage price factors.

...

Obtain credentials for CSP customers

To activate compute and billing for a CSP customer:

  1. Create an app in the customer’s Active Directory

  2. Add the Azure ARM compute credentials to Abiquo for the customer enterprise.

If your customers will use billing only, then you can enter the subscription and tenant details only. See Add credentials of Azure reseller customers for billing only.

When customers have billing credentials, the billing data should display on the dashboard, see Display Azure billing data .