Create Azure Application

Create Azure Application before registering a Cloud Authenticator

1. Activate a Subscription: Activate at least one subscription by navigating to https://portal.azure.com/#allservices in your Azure account and selecting the Subscriptions service. If no subscriptions are available, click Add to add a new subscription.

Copy the Subscription ID. This ID will be used at the time of creating an AKS cluster via gopaddle.

2. Register Resource Providers: Click on the subscription created in step 1 and select Resource Providers. Select the following Resource Providers and register them.

3. Add a User: To add a new user, go to https://portal.azure.com/#allservices, then filter for and select Azure Active Directory. Under the Manage option, select Users. Create a New User.

4. Create Custom Role: Add the Owner role to the newly created user by navigating to Subscriptions under https://portal.azure.com/#allservices. Select the subscription. Filter for and select IAM. Under the Access Control (IAM) section, choose + Add to add a custom role.

In the role creation wizard, choose the JSON tab. Click Edit to edit the permissions list.

Download the Custom Role ACL Template and replace <role-name> with the custom role name and <subscription-id> with the Azure subscription ID.

Update the JSON permissions list in the Azure Console with the updated permissions from the template.

Click Review + create to create the custom role.

5. In the Access Control (IAM) section, choose 'Add role assignments'. Select the custom role and assign it to the newly created user.

💡 Note: The permissions for the custom role do not allow the newly created user to create or delete a Container registry. Either a root user or a different sub-user with sufficient permissions can create the Container registry. The newly created sub-user can then push or pull the Docker images from this registry.

6. Add Application Administrator Role: Navigate to the users list at https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers. Select the user and choose Assigned Roles. Add the 'Application administrator' role to the user.

7. Add an Application: Log in to the Azure portal as the new user. Go to https://portal.azure.com/#allservices and select Azure Active Directory. Under the Manage option, select App Registrations. Click New Registration and add a new Application. Choose the account type: Accounts in any organizational directory (Any Azure AD directory - Multitenant)

To create an Azure Cluster from a SaaS gopaddle account, provide the redirect URL as https://portal.gopaddle.io/cloudaccounts . To create an Azure Cluster from an on-premise gopaddle installation, provide the redirect URL as <http (or) https>://<gopaddlehomeIP/domain>/clouds.

8. Once the application is created, click on the Application to manage the application. Note down the Application (client) ID.

9. Add Client Secret: Under the Manage option, select Certificates and Secrets. Create a New client secret. Note down the Value of the client secret. The Application (client) ID and the client secret Value generated in steps 5 and 6 will be used to register a new Cloud Account Authenticator.
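A pre-flight check for the custom role JSON from step 4, as an added example that is not part of the gopaddle documentation or its template: it confirms that both placeholders were replaced, that the role is scoped to the one subscription, and that the registry create/delete restriction described in the note actually holds. It assumes the layout of the portal's JSON tab (`properties.roleName`, `assignableScopes`, `permissions[].actions`); the sample role and subscription ID are constructed.

```python
import fnmatch
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
# Operations the note says the custom role must not grant.
REGISTRY_OPS = ("Microsoft.ContainerRegistry/registries/write",
                "Microsoft.ContainerRegistry/registries/delete")
# Constructed sample values, not gopaddle's real template.
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps({"properties": {
    "roleName": "gopaddle-aks",
    "assignableScopes": [f"/subscriptions/{SUB}"],
    "permissions": [{"actions": ["Microsoft.ContainerService/managedClusters/*",
                                 "Microsoft.ContainerRegistry/registries/pull/read"],
                     "notActions": [], "dataActions": [], "notDataActions": []}]}})

def check_role(role_json: str, subscription_id: str) -> list[str]:
    """Return findings for a filled-in custom role definition (empty = clean)."""
    findings = []
    if re.search(r"<[a-z-]+>", role_json):
        findings.append("unreplaced <placeholder> left in the template")
    if not GUID.match(subscription_id):
        findings.append("subscription id is not a GUID")
    props = json.loads(role_json).get("properties", {})
    if not props.get("roleName", "").strip():
        findings.append("roleName is empty")
    expected = f"/subscriptions/{subscription_id}".lower()
    for scope in props.get("assignableScopes", []):
        s = scope.lower()
        if s != expected and not s.startswith(expected + "/"):
            findings.append(f"scope outside the subscription: {scope}")
    for perm in props.get("permissions", []):
        denied = [d.lower() for d in perm.get("notActions", [])]
        for action in perm.get("actions", []):
            if action == "*":
                findings.append("wildcard '*' action grants every management operation")
            for op in (o.lower() for o in REGISTRY_OPS):
                if fnmatch.fnmatchcase(op, action.lower()) and not any(
                        fnmatch.fnmatchcase(op, d) for d in denied):
                    findings.append(f"{action} allows {op}")
    return findings

if __name__ == "__main__":
    for finding in check_role(SAMPLE, SUB) or ["no findings"]:
        print(finding)
```

Run it against the edited template before pasting the JSON into the role creation wizard; any finding means the role is broader than the steps above intend.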