Set up credentials
Register an app in Microsoft Entra ID
Sign in to the Microsoft Entra admin center
and go to Entra ID > App registrations > New registration. Enter a name
(for example,
adapt-readonly), select
Accounts in this organizational directory only, and click Register.Copy the client and tenant IDs
On the app’s Overview page, copy the Application (client) ID and the
Directory (tenant) ID.
Create a client secret
Go to Certificates & secrets > Client secrets > New client secret. Add a
description and expiration, then click Add. Copy the secret Value
immediately, as it is shown only once.
Find your subscription ID
In the Azure portal, search for
Subscriptions, select your subscription, and copy the
Subscription ID.
Assign a Reader role
Still in the subscription, open Access control (IAM) > Add > Add role
assignment. On the Role tab choose Reader. On the Members tab
select User, group, or service principal, search for your app, then
click Review + assign.
Reader grants read-only access across the subscription. Scope the role
assignment to a resource group or specific resource if you need to narrow
access further.
Connect to Adapt
Add your credentials
Enter the values you gathered above, then click Add connection:
You can rename the connection and choose whether it is shared with your
organization or kept personal to you.
| Secret Name | Value |
|---|---|
AZURE_SUBSCRIPTION_ID | Your subscription ID |
AZURE_CLIENT_ID | Your app registration (service principal) client ID |
AZURE_CLIENT_SECRET | Your client secret |
AZURE_TENANT_ID | Your directory (tenant) ID |
Security
- Credentials are encrypted at rest with AES-256
- Assign the least-privilege role the task requires, such as Reader, and scope it to a resource group or resource rather than the whole subscription when possible
- Set a short expiration on the client secret and rotate it regularly
- Never share your client secret or commit it to source control