
How to configure MS Azure Automation for integration with ONEiO

Introduction

This document shows an example of what needs to be done in Microsoft Azure to make it ready for integration with the endpoint in your ONEiO. Note also that the number of fields used in integrations might vary.

In case you have questions related to setting up the integration, send an email to support@oneio.cloud.

You can sign up for a free trial of ONEiO from the following link: ONEiO Free Trial

 

Overview

This article gives an overview of the steps required to integrate ONEiO and Microsoft Azure Automation. In this guide we will cover the following steps:

  1. Setting up the App Registration in Azure AD
  2. Creating a subscription in https://portal.azure.com/
  3. Creating a Resource Group that will be used for the integration 
  4. ONEiO Setup

Prerequisites

An active Microsoft Azure subscription is required to use this integration. If your company already has one set up, great, this will save some time in setting up. If no active Azure subscription exists yet, Microsoft offers a free trial, and after the trial expires, the company can select a plan. For integrating Azure Automation, the basic 'pay as you go' subscription will suffice, as the subscription includes 500 free minutes of Azure Automation runtime, which is sufficient for running multiple use cases with this integration.

In the Azure AD portal:

  1. Sign in to the Azure portal with an Admin account.
  2. In the Menu or under Azure Services at the top of the landing page, navigate to Azure Active Directory.


  3. In Azure Active Directory, select App registrations in the left pane and click on New registration.


  • Name it according to your needs and standards; in this example we will name it “ONEiO Automation Integration”.
  • Select the Accounts in any organizational directory option in the Supported account types section.
  • Click on Register to create the application.


  4. On the app Overview page, hover over the Application (client) ID value and select the Copy to clipboard icon to copy the value and save it for later. Then navigate to Certificates & secrets in the left pane.


  5. In the Certificates & secrets screen, click on “New client secret”, give it a description and set the expiration date (for the testing environment, I selected 24 months, but this can also be set to a custom value, depending on your security requirements).
    • Take note of the expiration date, as this is important for scheduling when to update the OAuth information later in the ONEiO app.


  6. Navigate to ‘Expose an API’ in the left pane and add/set the API URI.

 


  7. Lastly, navigate back to the overview of the App registration, click ‘Endpoints’ and save the following 2 endpoints for later use:

  • OAuth 2.0 authorization endpoint (v2)
  • OAuth 2.0 token endpoint (v2)


Set up of Azure Automation

 

 

 

  1. In the Azure Portal, navigate to “Automation Accounts”. The first time, you may need to search for it under ‘More Services’.


  2. Click on Create to create a new automation account.


Detailed steps:

 

 

  • Select your Azure Subscription (if no subscription exists yet, you will be prompted to create one)
  • Select your Resource group (These are based on already existing resource groups within your Azure AD. If no Resource Groups have been configured yet, you will need to create one through Azure AD)
  • Select your Region (EU-West in most cases, however, this is based on your requirements)
  • Click Next in the bottom right to continue to Advanced Settings, and Select System assigned for the ‘Managed Identities’ settings.


  • Continue to the Networking section by clicking Next in the bottom right.
  • For ‘Connectivity Configuration’, select Public Access (this can be reconfigured to Private access later).
  • Advance to the ‘Review + Create’ section, let the automatic validation run, and click on Create to finish the Automation Account setup.


  3. Verify that the required modules are imported.

     Go to your Azure Automation account --> Module --> Browse and install the modules below:

  • AzureAD
  • ExchangeOnlineManagement
  • This list may expand depending on scripts and use cases that you are trying to accomplish
    • For example, if you are trying to create a runbook that creates Virtual Machines, you will need to add the AzureRM.Compute Module

 


Please make sure that the Runtime version selected for each module is currently 5.1.

 

 

  4. Create credentials in the Azure Automation account.

Fill in the credentials of the account from step number 9 in the Azure AD section.

 


  5. Add the “Contributor” role for the App registration from AAD.


  6. Create AzureRunAsCertificate and AzureRunAsConnection (this is only needed in some cases, as it is created automatically initially for the AzureServicePrincipal).


  7. Import the Azure Automation Runbook.

 

 


  8. Publish the runbook and test it out with the parameters.

 

  • Runbooks need to be in the authoring status Published before they can be run. If they are new or in edit, Azure AD will throw errors; however, while in editing mode you can test whether the runbook would work.

 

Setting up the MS Azure Automation Endpoint Type in ONEiO

Select the MS Azure Automation Endpoint type out of the list of available endpoint types.

 


The basic 'Create' view of the MS Azure Automation Endpoint Type gives you the following fields that need to be updated with your info:

 

 


  • Name - This is the name that will show up in your endpoints view later
  • Base URL - The basic URL to your system is already in place, and you need to replace the ${} placeholders with the required information from your Microsoft Azure environment. You will need the correct Subscription ID and the correct Resource Group for this.
  • The Inbound section allows you to determine the polling interval of the endpoint. This will poll the Azure environment based on the value. The First Poll Date/Time field sets the base from which information is requested.
  • The Outbound section requires the previously stored Client ID, Client Secret and Token Endpoint URL from your App Registration.
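
Before entering these values in ONEiO, the check below confirms that the Client ID, Client Secret and token endpoint work and that the role assignment reaches the Resource Group. It is an added example, not part of the original article or ONEiO's own code; the placeholder values, the tenant-specific form of the token endpoint, the Azure Resource Manager URL and the API version are assumptions.

```powershell
# Added example (not from the original article). Placeholder values are assumptions.
$TenantId       = '<directory-tenant-id>'
$ClientId       = '<application-client-id>'
$SubscriptionId = '<subscription-id>'
$ResourceGroup  = '<resource-group-name>'
$ApiVersion     = '2019-06-01'   # assumed Microsoft.Automation API version

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Prompt for the secret so it is not stored in the script or in shell history.
$secure = Read-Host -Prompt 'Client secret value' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try     { $secret = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

# OAuth 2.0 token endpoint (v2), written here in its tenant-specific form (assumption).
$tokenEndpoint = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
$form = @{
    grant_type    = 'client_credentials'
    client_id     = $ClientId
    client_secret = $secret
    scope         = 'https://management.azure.com/.default'
}
try {
    # A hashtable body on POST is sent form-encoded by Invoke-RestMethod.
    $token = Invoke-RestMethod -Method Post -Uri $tokenEndpoint -Body $form
} catch {
    throw "Token request failed (check Client ID, secret value and expiry): $($_.Exception.Message)"
} finally {
    Remove-Variable secret, form -ErrorAction SilentlyContinue
}
Write-Output "Token issued, valid for $($token.expires_in) seconds."

# List the Automation Accounts in the Resource Group; a 403 here means the
# role assignment for the App registration is missing or on the wrong scope.
$uri = "https://management.azure.com/subscriptions/$SubscriptionId" +
       "/resourceGroups/$ResourceGroup/providers/Microsoft.Automation" +
       "/automationAccounts?api-version=$ApiVersion"
try {
    $resp = Invoke-RestMethod -Method Get -Uri $uri -Headers @{ Authorization = "Bearer $($token.access_token)" }
} catch {
    throw "Resource Manager call failed: $($_.Exception.Message)"
}
$resp.value | Select-Object name, location, @{ n = 'state'; e = { $_.properties.state } }
```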

The endpoint comes with the following 3 entities:

  1. AutomationAccount - This is the highest level. This entity allows you to create new Azure Automation accounts within the subscription and selected Resource Group. This can be beneficial when multiple different use cases are covered but need to be separated within the Azure environment.
  2. Runbook - This is the second highest level. The Runbook entity allows the creating, editing, and deleting of runbooks within an automation account. This can streamline release management of new PowerShell scripts or keeping data up to date.
  3. AutomationJob - This is the third level in the Automation Account entity. This is the level at which most of the use cases work and automate, as this entity is used to pass parameters from your ITSM tool on to Azure, so that the runbooks are triggered and have enough information to run the jobs and automate tools. Some example use cases are Mailbox Management, Resource Management, or User Management, which have different runbooks within an automation account.