Create Azure Application
Create Azure Application before registering a Cloud Authenticator
1. Activate a Subscription: Activate at least one subscription by navigating to https://portal.azure.com/#allservices in your Azure account and selecting the Subscriptions service. If no subscriptions are available, click Add to add a new subscription.
Copy the Subscription ID. This ID will be used at the time of creating an AKS cluster via gopaddle.
2. Register Resource Providers: Click on the subscription created in step 1 and select Resource Providers. Select the following Resource Providers and register them.
3. Add a User: To add a new user, go to https://portal.azure.com/#allservices, then filter for and select Azure Active Directory. Under the Manage option, select Users. Create a New User.
4. Create Custom Role: Add Owner role to the newly created user, by navigating to Subscriptions under https://portal.azure.com/#allservices. Select the subscription. Filter and select IAM. Under Access Control (IAM) Section, choose + Add to add a custom role.
In the role creation wizard, choose the JSON tab. Click Edit to edit the permissions list.
Download the Custom Role ACL Template and replace <role-name> with the custom role name and <subscription-id> with the Azure subscription ID.
Update the JSON permissions list in the Azure Console with the updated permissions from the template.
Click on Review + create to create the custom role.
5. Under the Access Control (IAM) section, choose 'Add role assignments'. Select the custom role and assign it to the newly created user.
6. Add Application Administrator Role: Navigate to the users list at https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers. Select the user and choose Assigned Roles. Add the 'Application administrator' role to the user.
7. Add an Application: Log in to the Azure portal as the new user. Go to https://portal.azure.com/#allservices and select Azure Active Directory. Under the Manage option, select App Registrations. Click on New Registration and add a new Application. Choose the account type: Accounts in any organizational directory (Any Azure AD directory - Multitenant).
To create an Azure cluster from a SaaS gopaddle account, provide the redirect URL as https://portal.gopaddle.io/cloudaccounts. To create an Azure cluster from an on-premise gopaddle installation, provide the redirect URL as <http (or) https>://<gopaddlehomeIP/domain>/clouds.
8. Once the application is created, click on the Application to manage it. Note down the Application (client) ID.
9. Add Client Secret: Under the Manage option, select Certificates and Secrets. Create a New client secret. Note down the Value of the client secret. The Application (client) ID and the client secret Value generated in steps 5 and 6 will be used to register a new Cloud Account Authenticator.
Note: The permissions for the custom role do not allow the newly created user to create or delete a Container registry. Either a root user or a different sub-user with sufficient permissions can create the Container registry. The newly created sub-user can then push or pull the Docker images from this registry.
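An added example (not gopaddle's code or template): a small Python check to run on the edited role JSON from step 4 before pasting it into the Azure Console, which also tests the restriction described in the Note. It assumes the template uses the standard Azure custom role layout (`properties.assignableScopes`, `properties.permissions[].actions` and `notActions`); the function names, sample role and all-zero subscription ID are constructed for illustration.

```python
import fnmatch
import json
import re

# Operations the Note says the custom role must not grant.
REGISTRY_OPS = ("Microsoft.ContainerRegistry/registries/write",
                "Microsoft.ContainerRegistry/registries/delete")
PLACEHOLDER = re.compile(r"<[a-z-]+>")  # <role-name>, <subscription-id>

# Constructed sample; the GUID and role name are placeholders.
SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_ROLE = json.dumps({"properties": {
    "roleName": "gopaddle-custom-role",
    "assignableScopes": ["/subscriptions/" + SAMPLE_SUB],
    "permissions": [{
        "actions": ["Microsoft.ContainerService/managedClusters/*",
                    "Microsoft.ContainerRegistry/registries/pull/read",
                    "Microsoft.ContainerRegistry/registries/push/write"],
        "notActions": []}]}})


def grants(perm, operation):
    """True if one permissions entry effectively allows the operation."""
    def hit(patterns):
        return any(fnmatch.fnmatchcase(operation.lower(), p.lower())
                   for p in patterns)
    return hit(perm.get("actions", [])) and not hit(perm.get("notActions", []))


def lint_role(role_json, subscription_id):
    """Return a list of findings for a custom role definition (JSON text)."""
    findings = []
    if PLACEHOLDER.search(role_json):
        findings.append("unreplaced template placeholder")
    props = json.loads(role_json)["properties"]
    expected = "/subscriptions/" + subscription_id.lower()
    for scope in props.get("assignableScopes", []):
        if scope.rstrip("/").lower() != expected:
            findings.append("unexpected assignable scope: " + scope)
    for perm in props.get("permissions", []):
        if "*" in perm.get("actions", []):
            findings.append("wildcard '*' action")
        findings += ["grants " + op for op in REGISTRY_OPS if grants(perm, op)]
    return findings


if __name__ == "__main__":
    print(lint_role(SAMPLE_ROLE, SAMPLE_SUB) or "no findings")
```

An empty list means the role is scoped to the one subscription, carries no leftover placeholders, and grants neither registry create nor delete.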