Introduction
This document shows an example of what needs to be configured in Microsoft Azure to make it ready for integration with the endpoint in your ONEiO. Note that the number of fields used in integrations might vary.
If you have questions about setting up the integration, send an email to support@oneio.cloud.
You can sign up for a free trial of ONEiO from the following link: ONEiO Free Trial
Overview
This article gives an overview of the steps required to integrate ONEiO and Microsoft Azure Automation. This guide covers the following steps:
- Setting up the App Registration in Azure AD
- Setting up Azure Automation
- Create credentials in Azure automation account
- Setting up the MS Azure Automation Endpoint Type in ONEiO
Prerequisites
To use this integration, an active Microsoft Azure subscription is required. If your company already has one, this will save some setup time. If no active Azure subscription exists yet, Microsoft offers a free trial, and after the trial expires, the company can select a plan. For integrating Azure Automation, the basic 'pay as you go' subscription will suffice, as the subscription includes 500 free minutes of Azure Automation runtime, which is sufficient for running multiple use cases with this integration.
Sending messages from ONEiO to MS Azure
Setting up the App Registration in Azure AD
In the Azure AD portal: sign in with an admin account and log in to the Azure portal.
In the menu or under Azure Services at the top of the landing page, navigate to Azure Active Directory.
In Azure Active Directory in the left pane, select App registrations and click on New registration.
Name the application according to your needs and standards; in the following example, we will name it “ONEiO Automation Integration”.
In the Supported account types section, select the Accounts in any organizational directory option. Click on Register to create the application.
Hover over the Application (client) ID value on the Overview page of the app, then click on the Copy to clipboard icon to save the value for later use. Afterward, proceed to the Certificates & secrets section in the left pane.
In the Certificates & secrets screen, click on New client secret, provide a description and set the expiration date (for the testing environment, I selected 24 months, but this can also be a custom value, depending on your security requirements).
Important
Take note of the expiration date, as you will need it to schedule when to update the OAuth information later in the ONEiO app.
Navigate to Expose an API in the left panel and set the API URI.
Lastly, navigate back to the overview of the App registration, click Endpoints and save the following two endpoints for later use:
- OAuth 2.0 authorization endpoint (v2)
- OAuth 2.0 token endpoint (v2)
Setting Up Azure Automation
In the Azure Portal navigate to Automation Accounts.
If you don't see it in the upper menu, click on More services.
Click on Create to create a new automation account.
Follow these steps:
1. Choose your Azure Subscription. If you don't have one yet, you'll be guided to create it.
2. Pick your Resource group. These are derived from existing resource groups within your Azure AD. If you haven't configured any Resource Groups yet, you'll need to create one via Azure AD.
3. Select your Region. In most instances, EU-West suffices, but this choice should align with your specific needs.
4. Proceed to Advanced Settings by clicking Next at the bottom right. Then, opt for System assigned under the Managed Identities settings.
Move forward to the Networking section by clicking Next located at the bottom right of the page. Under Connectivity Configuration, opt for Public Access (note: this can be adjusted to Private access at a later stage). Proceed to the Review + Create section, where automatic validation will run. Finally, click on Create to complete the setup of the Automation Account.
Verify that the Required Modules are imported.
Navigate to your Azure Automation account > Modules > Browse, and install the modules below:
- AzureAD
- ExchangeOnlineManagement
- This list may expand depending on the scripts and use cases that you are trying to accomplish.
- For example, if you are creating a runbook that creates Virtual Machines, you will need to add the AzureRM.Compute module.
Make sure that the selected Runtime version of each module is currently 5.1.
Create credentials in Azure automation account
Fill in the credentials of the account from step number 9 in the Azure AD section.
Add the Contributor role for the App registration from AAD.
Create the AzureRunAsCertificate and the AzureRunAsConnection certificates (this is only needed in some cases, as it is created automatically initially for the AzureServicePrincipal).
Import the Azure Automation Runbook.
Publish the runbook and test it with the parameters. Runbooks need to be in the Published authoring status before they can be run. If they are new or in edit, Azure AD will throw errors; however, you can test in editing mode whether the runbook would work.
Setting up the MS Azure Automation Endpoint Type in ONEiO
Select the MS Azure Automation Endpoint type out of the list of available endpoint types.
The initial Create interface of the Microsoft Azure Automation Endpoint Types presents the following fields that require your information to be updated:
| Field | Description |
| --- | --- |
| Name | This is the identifier that will be displayed in your list of endpoints later on. |
| Base URL | The fundamental URL of your system is pre-defined, but you need to substitute the ${} placeholders with the necessary details from your Microsoft Azure Environment. You will require the correct Subscription ID and Resource Group for this. |
| Inbound Section | Here, you can specify the polling interval of the endpoint. This interval determines how frequently the endpoint polls the Azure environment for information. The First Poll Date/Time field establishes the initial point from which information will be requested. |
| Outbound Section | This segment necessitates the previously saved Client ID, Client Secret, and Token Endpoint URL from your App Registration. |
The endpoint comprises three main entities:
- AutomationAccount - This serves as the highest level, enabling the creation of new Azure Automation accounts within the subscription and designated Resource Group. This proves advantageous when various use cases need separation within the Azure Environment.
- Runbook - Positioned as the second highest level, the Runbook entity facilitates the creation, editing, and deletion of runbooks within an automation account. This capability streamlines release management for new PowerShell scripts and ensures data remains current.
- AutomationJob - This stands as the third level within the Automation Account entity. It is at this level that most use cases are executed and automated. This entity enables the passing of parameters from ITSM tools to Azure, triggering runbooks with sufficient information to execute jobs and automate tools. Examples of such use cases include Mailbox Management, Resource Management, or User Management, each with its respective runbooks within an automation account.
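Because the AutomationJob entity passes ticket fields from the ITSM tool into a runbook, the runbook should validate those values before any cmdlet uses them. The following is an added example for a User Management runbook, not ONEiO or Microsoft code: the function name, the ticket number format, the example.com domain and the protected account names are assumptions, and Set-AzureADUser comes from the AzureAD module listed above.

```powershell
# Added example (not ONEiO or Microsoft code) for Windows PowerShell 5.1.
# Ticket fields reach the runbook through the AutomationJob entity: treat them as untrusted.
function Invoke-TicketUserAction {   # hypothetical name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumed ticket number format, e.g. INC0012345
        [Parameter(Mandatory = $true)]
        [ValidatePattern('\A[A-Z]{3}\d{7}\z')]
        [string] $TicketId,

        # Only UPNs in the assumed tenant domain; \A...\z also rejects a trailing newline
        [Parameter(Mandatory = $true)]
        [ValidatePattern('\A[A-Za-z0-9._-]{1,64}@example\.com\z')]
        [string] $UserPrincipalName,

        # Fixed action list: the ticket never supplies a cmdlet name or script text
        [Parameter(Mandatory = $true)]
        [ValidateSet('Enable', 'Disable')]
        [string] $Action
    )

    # Accounts no ticket may change (constructed names)
    $protected = @('breakglass@example.com', 'svc-oneio@example.com')
    if ($protected -contains $UserPrincipalName) {
        throw "$UserPrincipalName is protected; refusing to $Action it."
    }

    $enable = ($Action -eq 'Enable')
    if ($PSCmdlet.ShouldProcess($UserPrincipalName, "$Action account")) {
        # Real change: needs the AzureAD module and an authenticated session
        Set-AzureADUser -ObjectId $UserPrincipalName -AccountEnabled $enable
    }
    # Structured record for the job output, traceable to the ticket
    [pscustomobject]@{ Ticket = $TicketId; User = $UserPrincipalName; RequestedEnabled = $enable }
}

# Constructed sample inputs, run with -WhatIf so nothing is changed.
$samples = @(
    @{ TicketId = 'INC0012345'; UserPrincipalName = 'jane.doe@example.com';   Action = 'Disable' },
    @{ TicketId = 'INC0012346'; UserPrincipalName = 'jane.doe@example.org';   Action = 'Disable' },
    @{ TicketId = 'INC0012347'; UserPrincipalName = "jane.doe@example.com`n"; Action = 'Disable' },
    @{ TicketId = 'INC0012348'; UserPrincipalName = 'breakglass@example.com'; Action = 'Disable' },
    @{ TicketId = 'INC0012349'; UserPrincipalName = 'jane.doe@example.com';   Action = 'Delete' }
)
foreach ($s in $samples) {
    try   { Invoke-TicketUserAction @s -WhatIf }
    catch { Write-Output "REJECTED $($s.TicketId): $($_.Exception.Message)" }
}
```

Only the first sample passes validation; the other four are rejected before the Set-AzureADUser line is reached.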