Obtain Azure ARM pricing credentials for CSP

Owned by MS (Unlicensed)
Last updated: Jun 14, 2023
4 min read

Introduction

To work with Microsoft Partner Center in Abiquo, add pricing credentials to your Abiquo reseller enterprise.

  1. Create an Application with the following Azure attributes:

    1. Application (client) ID

    2. Directory (tenant) ID

    3. Application password

  2. Follow this guide to give consent for the Application to work with:

    1. AccessToken

    2. RefreshToken

 

Abiquo provides these instructions as a guide only and we update them occasionally. 

Abiquo recommends that customers follow the instructions of the cloud provider, for example, at the time of writing for Azure:

Create an ARM application using Azure portal

  1. Log in to the Azure portal using a user with Admin agent role

  2. In the Home view, under Azure services, click Azure Active Directory. Or in the search box, enter Azure Active DirectorySelect Azure Active Directory.

    Select Azure Active Directory
    Select Azure Active Directory



  3. On the left, click App registrations

  4. Click New registration.

    Under App registrations, click New registration
    Under App registrations, click + New registration

  5. To register the application, enter a Name, select the Supported account types (Account in any organizational directory), and enter a URL. If you know the URI of the partner consent service, enter it now. Or you can enter any URL and edit the application and change this value later. Click Register.

  6. Save the Application (client) ID and the Directory (tenant) ID, because you will need to configure them in Abiquo. Then click Certificates & secrets.

  7. To configure the password for the application, click New client secret, which will open the Add a client secret section. Enter a Description and an Expiry duration, then click Add.


     

    The Azure portal will display the application password ONCE ONLY. You must use this password in Abiquo, so make sure to save it, because Azure will not display it again.


Assign permissions to the App

After you create the App, go to API permissions and add the following permissions.

For each of the permissions:

  1. Click + Add

  2. Click the Grant for ... button

    1. Azure Service Management: user_impersonation

      Microsoft Graph: Application.ReadWrite.All, RoleManagement.ReadWrite.Directory

      Microsoft Partner: user_impersonation

      Microsoft Partner Center: user_impersonation

  3. After you add the permissions, and grant them for your account, the center of the screen should look as follows.

  4. Add the application’s service principal to the Admin agents group in the CSP Partner’s Azure AD Active directory.

    You can search for Microsoft Partner and Microsoft Partner Center using their application IDs, which are 4990cffe-04e8-4e8b-808a-1175604b879f and fa3d9a0c-3fb0-42cc-9193-47c7ecd2edbd respectively, in the APIs my organization owns section.

Configure authorization for the use of Azure ARM credentials in the multi-cloud platform

As Azure now requires multi-factor authentication for CSP credentials, you must authorize the use of your credentials in the multi-cloud platform to obtain your access and refresh tokens for use in pricing credentials.

To create your own server to grant consent for the use of your Azure credentials, follow the instructions in the Azure documentation.

For general instructions, see https://docs.microsoft.com/en-us/partner-center/develop/partner-center-authentication#app--user-authentication and for Java instructions: https://docs.microsoft.com/en-us/partner-center/develop/partner-center-authentication#java-appuser-authentication.

To complete the configuration:

  1. Log in to the Azure portal

  2. Edit your Azure application

  3. In the Redirect URI, enter the URL of the partner consent service.

Add the Azure CSP pricing and billing credentials to Abiquo

Before you begin:

  1. Your administrator must create at least one compatible public cloud region in Azure ARM

  2. They must allow your enterprise to access this region.

  3. Some regions may require separate credentials, for example regions in China, and you will need to obtain credentials and create these regions separately. See https://abiquo.atlassian.net/wiki/spaces/doc/pages/330236464 .

To add pricing and billing credentials for CSP accounts:

  1. Edit the main tenant, and go to CredentialsPricing

  2. Add the pricing credentials in the following format:

    csp#dir-id#app-id#accessToken#refreshToken

    So enter the text csp#, the Directory (tenant) ID, Application (client) ID, access token, and refresh token as a single string and separate each element with a # (number/hash character).

  3. Add billing enterprise properties in the reseller enterprise. The default values are as follows:

    1. azurecompute-arm_discount = 0

    2. azurecompute-arm_currency_code = USD

    3. billing.azure.country_code = US
      For more details, see https://abiquo.atlassian.net/wiki/spaces/doc/pages/311372059.

  4. Go to PricingPrice factors and create price factors for the reseller enterprise. See https://abiquo.atlassian.net/wiki/spaces/doc/pages/402096147.

 

Obtain credentials for CSP customers

To activate compute and billing for a CSP customer:

  1. Create an app in the customer’s Active Directory

  2. Add the Azure ARM compute credentials to Abiquo for the customer enterprise.

If your customers will use billing only, then you can enter the subscription and tenant details only. See .

When customers have billing credentials, the billing data should display on the dashboard, see .

Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved