Pre-Onboarding for Azure CSP Direct Accounts

Introduction

This user guide will explain how to perform the pre-onboarding steps required for onboarding an Azure CSP Direct account into the platform.

Pre-onboarding

There are certain pre-requisites that need to be set up in your Azure CSP Direct Parent Account before it can be onboarded into the platform.

Onboarding an Azure CSP Direct Parent Account allows you to discover and onboard the Azure CSP Subscriptions and Azure CSP Customer accounts available within the specific Azure CSP Direct Parent Account. Also, new Azure CSP Customer accounts can be created under an onboarded Azure CSP Direct Parent Account from the platform itself.

Once the CSP Direct Parent Account is onboarded, you will need to onboard each CSP Subscription afterwards.

Based on the authentication type you choose while onboarding the Azure CSP Direct Parent Account, the following information must be retrieved from the Azure console.

1. App-only Based

The following values must be generated/copied from your Microsoft Partner Dashboard (partner.microsoft.com) and configured in the platform.

  1. Login to the Microsoft Partner Dashboard using a global admin account: https://partner.microsoft.com.
  2. Select Account Settings in the Settings menu in the top right (Gear Symbol).
  3. Select App management in the Account Settings screen.
  4. If you do not already have an existing app, add a new web app.
  5. If you have an existing web app, click Add key button.
  6. Copy the app registration information such as Application ID and Application Secret.

You can retrieve the Tenant ID (Microsoft ID) from the Azure AD Profile screen in the Microsoft Partner Dashboard.

Copy all these details (Tenant ID, Application ID, and Application Secret) and provide them while onboarding your Azure CSP Direct account into the platform using App-only based authentication.

2. Authorization Code Based

User account permissions (only for Authorization Code based):

The following permissions must be configured in your Azure CSP Direct Account before onboarding.

  • You must login as a Global Admin into the Partner Center and create a user for Partner Center with the following privileges:
    • Billing Admin: To view rates, usage, and invoice details.
    • Sales Agent: To create and manage customers and their subscriptions.
  • A secure application registered with necessary API permissions should be provided.

To enable API access for your Azure CSP Direct account:

  1. Navigate to API permissions from the Overview screen.
  2. Click Add a permission. The Request API permissions screen appears.
  3. Search for Microsoft Partner Center API in the Request API permissions screen.
  4. Select Microsoft Partner Center API and enable user_impersonation checkbox.
  5. Set the Delegated Permissions to Partner Center.
  6. Click Add permissions. The Configured permissions screen appears.
  7. Click Grant admin consent.

The following values must be generated/copied additionally along with the other information while onboarding an Azure CSP Direct account using Authorization Code option.

Redirect URI:

The following redirect URI that is configured while registering an application to generate the application ID must be used: http://localhost/

Authorization Code:

  1. Construct an URL in the following format:
    https://login.microsoftonline.com/<Tenant ID>/oauth2/authorize?client_id=<Client ID>&redirect_uri=<Redirect URI>&response_type=code&prompt=admin_consent
  2. Open an InPrivate or Incognito mode of browser window and access the above URL.
  3. Login using your Admin (GA + Admin Agent) credentials and accept when prompted.
  4. The page will be redirected to the Redirect URI, but the address bar will have the Authorization Code specified after code=.

📘

Note:

The values retrieved in the earlier steps can be used instead of <Tenant ID>, <Client ID>, and <Redirect URI> specified in the URL format.

Copy and provide these details additionally in the platform while onboarding your Azure CSP Direct account using Authorization Code based authentication.