
Create a custom role to assign to the Application

  1. Create a custom role that will be assigned to the application created for the Valtix Controller. The role gives the application permissions to create VMs, load balancers, etc. The custom role can be created in multiple ways. One of the easiest is to navigate to your subscription and click Access Control (IAM).
  2. Click Roles, and on the top menu bar above Roles click +Add > Add Custom Role.
  3. Give the role a name (e.g. valtix-controller-role), then keep clicking Next until you get to the JSON editing screen.
  4. Click Edit on the screen and, in the JSON text under permissions -> actions, copy and paste the following content between the square brackets (no need to maintain the indentation):

    "Microsoft.ApiManagement/service/*",
    "Microsoft.Compute/disks/*",
    "Microsoft.Compute/images/read",
    "Microsoft.Compute/virtualMachines/*",
    "Microsoft.ManagedIdentity/userAssignedIdentities/read",
    "Microsoft.Network/loadBalancers/*",
    "Microsoft.Network/networkinterfaces/*",
    "Microsoft.Network/networkSecurityGroups/*",
    "Microsoft.Network/publicIPAddresses/*",
    "Microsoft.Network/routeTables/*",
    "Microsoft.Network/virtualNetworks/*",
    "Microsoft.Network/virtualNetworks/subnets/*",
    "Microsoft.Resources/subscriptions/resourcegroups/*",
    "Microsoft.Storage/storageAccounts/blobServices/*",
    "Microsoft.ManagedIdentity/userAssignedIdentities/read"
    

    This is an example screenshot of how the content must look:

    [Screenshot: Custom Role JSON]

  5. Optional: if you plan to use multiple subscriptions with Valtix, you must edit the JSON at assignableScopes to add another subscription line, or change it to * (star) so it can be used with all the subscriptions.

  6. Click Save at the top of the text box.
  7. Click Review + Create and create the role.
  8. Once the role is created, go back to Access Control (IAM) and on the top menu bar click Add -> Add role assignment.
  9. In the Role dropdown, select the role added above.
  10. In the Assign access to dropdown, leave the default (Azure AD user, group, service principal).
  11. In the Select text box, type in the name of the application created earlier (e.g. valtixcontrollerapp) and click Save.
  12. On the subscription page, click Overview in the left menu bar and copy the subscription ID to a notepad.
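
The same role creation and assignment can be scripted with the Azure CLI. The script below is an added example, not part of the original Valtix documentation: it builds the role definition with the actions listed in step 4 and, for the multi-subscription case in step 5, writes one explicit assignableScopes entry per subscription. The function names, the output file name and the description text are assumptions, and the duplicated userAssignedIdentities/read action is listed once.

```shell
# Added example: Azure CLI equivalent of the portal steps above (assumed helper names).
ROLE_NAME="valtix-controller-role"   # role name suggested in step 3

# Print the role definition; one AssignableScopes entry per subscription ID argument.
role_definition_json() {
  scopes=""
  for sub in "$@"; do
    scopes="${scopes:+$scopes, }\"/subscriptions/$sub\""
  done
  cat <<EOF
{
  "Name": "$ROLE_NAME",
  "IsCustom": true,
  "Description": "Permissions for the Valtix Controller application",
  "Actions": [
    "Microsoft.ApiManagement/service/*",
    "Microsoft.Compute/disks/*",
    "Microsoft.Compute/images/read",
    "Microsoft.Compute/virtualMachines/*",
    "Microsoft.ManagedIdentity/userAssignedIdentities/read",
    "Microsoft.Network/loadBalancers/*",
    "Microsoft.Network/networkinterfaces/*",
    "Microsoft.Network/networkSecurityGroups/*",
    "Microsoft.Network/publicIPAddresses/*",
    "Microsoft.Network/routeTables/*",
    "Microsoft.Network/virtualNetworks/*",
    "Microsoft.Network/virtualNetworks/subnets/*",
    "Microsoft.Resources/subscriptions/resourcegroups/*",
    "Microsoft.Storage/storageAccounts/blobServices/*"
  ],
  "NotActions": [],
  "AssignableScopes": [$scopes]
}
EOF
}

# Create the role, then assign it to the application in each subscription.
# $1 = Application (client) ID; remaining arguments = subscription IDs.
create_and_assign() {
  app_id="$1"; shift
  role_definition_json "$@" > valtix-role.json
  az role definition create --role-definition valtix-role.json
  for sub in "$@"; do
    az role assignment create --assignee "$app_id" \
      --role "$ROLE_NAME" --scope "/subscriptions/$sub"
  done
}

# Usage (placeholders): create_and_assign <application-client-id> <subscription-id> [...]
```

Run `az login` with an account allowed to create role definitions before calling `create_and_assign`.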

Required Values For Valtix Controller Onboarding

Make sure you have all the following details before proceeding further:

  • Subscription ID (from subscription overview page)
  • Directory (Tenant) ID (from the Azure AD app overview page)
  • Application (client) ID (from the Azure AD app overview page)
  • Client Secret (Copied when the Client secret was created)