Onboard Your Microsoft Azure Cloud Account
After subscribing to Aviatrix Cloud Network Security Platform-as-a-Service (Aviatrix PaaS), you need to connect your cloud accounts with the Aviatrix Platform. When your cloud account is onboarded, Aviatrix Platform can discover, monitor, and manage the assets in your Azure network.
There are two methods for onboarding your Azure cloud account. Select one of the following methods and complete the related tasks:
-
Use the CLI to Onboard Azure (Recommended)
Use the CLI to Onboard Azure
The CLI method automates creation of and connection to an application (service principal) in Azure, so it is easy and quick. This is the recommended onboarding method.
The Aviatrix PaaS onboarding script performs the following tasks:
-
Creates a service principal/application
Requires Application Administrator, Cloud Application Administrator, or Global Administrator role.
-
Assigns the Contributor role at the subscription level
Requires User Access Administrator or Owner role at subscription level.
-
Generates a client secret
Requires Application Administrator, Cloud Application Administrator, or Global Administrator role.
Prerequisite
The Azure CLI and the jq command-line processor must be installed on your system before running the script.
Perform the following steps to onboard Azure.
-
Do one of the following:
-
At firt-time login, click Begin in the Welcome page and then click Onboard Cloud Account.
-
To onboard after first-time login, go to Cloud Resources > Cloud Accounts, click + Cloud Account, and enter a unique Account Name.
-
-
Click Azure and select Azure CLI.
-
In a terminal window, log in to the Azure CLI.
Example:
az login -
Copy the command provided in the Onboard dialog, paste it into the terminal, and press Enter to run the script.
-
When prompted, enter a unique name for the Aviatrix Service Principal.
Example of the command and the command output:
$ /bin/bash -c "$(curl -fsSL --compressed https://console.avx-cloud.com/assets/scripts/onboarding_azure/azure-cloud-account-onboarding.sh)"
###########################################################
đ Starting Aviatrix PaaS Onboarding Configuration
###########################################################
âŗ Please wait while we perform the necessary checks...
â
Azure CLI and jq are installed.
###########################################################
đ Setting up Azure Aviatrix Service Principal with Contributor Role
###########################################################
Enter a user-friendly name for the Aviatrix Service Principal: <service-principal-name>
đ You entered: <service-principal-name>
âšī¸ This name will appear in the Azure Portal under:
Home > Your Subscription > Access control (IAM) > Check Access > <service-principal-name>
â
Subscription ID detected: <your-subscription-id>
âŗ Creating Azure Service Principal...
WARNING: Creating 'contributor' role assignment under scope '/subscriptions/<your-subscription-id>'
WARNING: The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
â
Azure Service Principal created successfully.
###########################################################
đ Creating Bootstrap File: avx_tf_sp.env
â ī¸ IMPORTANT: Keep this file and avx_tf_sp_20250410143127.json safe!
###########################################################
â
Bootstrap file created: avx_tf_sp.env
đ File contents:
# Aviatrix PaaS SP created on 20250410143127
Subscription ID <your-subscription-id>
Directory ID <your-directory-id>
Application ID <your-application-id>
Client Secret <your-client-secret>
âšī¸ The following is the decoded JSON output (pre-base64 encoding):
{"subscription_id":"<subscription-id-value>","tenant_id":"<tenant-id-value>","client_id":"<client-id-value>","client_secret":"<client-secret-value>"}
###########################################################
đ Paste the following base64-encoded value into the PaaS console to onboard your Azure account:
<your base64-encoded value>
###########################################################
$-
Copy the base64-encoded value from the terminal output and paste it into the Command Output field in the Onboard dialog box.
-
Click Next.
You will see a Discovering Cloud Resources message that changes to a success message after resources are discovered.
-
Click Close.
-
Verify that the new cloud account displays in the list on Cloud Accounts > Overview.
It can take a couple of minutes before your VNets display under Cloud Resources > Cloud Assets. These resources need to be onboarded to Aviatrix Platform.
Next Step:
Use the Console to Onboard Azure
The Aviatrix console method requires manually collecting several IDs from Azure Portal and entering the IDs in Aviatrix Platform to create the connection.
Prerequisite
The account onboarding process requires you to copy some information from your Azure account to the Aviatrix Platform.
Have the following information available for the Azure application you will associate with Aviatrix PaaS:
-
Subscription ID
-
Directory ID
-
Application ID
-
Client Secret
| If you are uncertain how to collect this information, see Gather Information for Azure Onboarding. |
Perform the following steps to onboard Azure.
-
In Aviatrix PaaS, go to Cloud Resources > Cloud Accounts and click + Cloud Account.
-
Enter a unique Account Name and click Azure.
-
Enter the following required IDs from your Azure account.
If you are uncertain how to collect this information, see Gather Information for Azure Onboarding. -
Subscription ID
-
Directory ID
-
Application ID
-
Client Secret
-
-
Click Next.
You will see a Discovering Cloud Resources message that changes to a success message after resources are discovered.
-
Click Close.
-
Verify that the new cloud account displays in the list on Cloud Accounts > Overview.
It can take a couple of minutes before your VNets display under Cloud Resources > Cloud Assets. These resources need to be onboarded to Aviatrix Platform.
Next Step: