Exercise A5: Creating a Service Principal Client Secret

Horizon Cloud Service needs a service principal to access and use your Microsoft Azure subscription capacity. A service principal defines the policy and permissions for use of an application in a specific tenant, and is used to grant Horizon Cloud Service permission to access and modify your Microsoft Azure tenant. When you register a Microsoft Azure AD application, the service principal is also created. For more information, see Create the Required Service Principal by Creating an Application Registration.

In addition to the service principal, you must generate a client secret (previously called an authentication key) and assign the Contributor role to the service principal at the subscription level.

1. Register your Microsoft Azure AD application

  1. Navigate to Azure Active Directory.
  2. In the second pane, select App registration.
  3. In the third pane, select New registration.

2. Register the application

  1. In the Register an Application pane, indicate the following options:
    1. Name: Provide a meaningful name for the app that will be displayed to its users.
    2. Supported account types: Select Accounts in this organizational directory only.
    3. Redirect URI (optional): Select Web, and provide a redirect URI (reply URL) for the application.
  2. Verify all options, and then click Register.

3. Start creating a Client Secret

  1. Under Manage, select Certificates & Secrets.
  2. Under Client secrets, click New Client Secret.

4. Add the Client Secret

  1. In Add a Client Secret, provide a description.
  2. Under Expires, select an expiration option.
  3. Click Add.

5. Copy IDs for later exercises

The VNET that you configure for Horizon Cloud on Microsoft Azure must be set up to allow the Microsoft.SQL service endpoint. That service endpoint allows the Horizon Cloud on Microsoft Azure Pod Manager VM to use the Microsoft Azure Database for PostgreSQL Service to back up and restore critical system data in the Pod Manager VM. It is also used for the HA feature.

Note: For more information, see VMware Horizon Cloud Service on Microsoft Azure Requirements Checklist For New Pod Deployments - Updated for the March 2020 Service Release.

To save time later, make note of the following IDs, which you will need during Exercise B12, Step 4:

  • Display name
  • Application (client) ID
  • Directory (tenant) ID
  • Object ID
  • Client secret key

Note: Some organizations have restrictions on Service Principal management. For more information, see the details in the Important note in Create the Required Service Principal Needed by the Horizon Cloud Pod Deployer by Creating an Application Registration.
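The expiration option chosen in step 4 determines when the service principal stops authenticating, so it is worth auditing the secrets on the app registration. The following is an added example, not part of the original exercise or of VMware's tooling: it checks credential records in the JSON shape returned by `az ad app credential list --id <application-client-id>`. The sample records, the display names, and the 30-day and 365-day thresholds are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real credentials), shaped like the output of
# `az ad app credential list --id <application-client-id>`.
SAMPLE_CREDENTIALS = json.loads("""
[
  {"displayName": "horizon-pod-deployer", "keyId": "00000000-0000-0000-0000-000000000001",
   "startDateTime": "2024-01-10T09:00:00Z", "endDateTime": "2024-07-10T09:00:00Z"},
  {"displayName": "old-deployer-secret", "keyId": "00000000-0000-0000-0000-000000000002",
   "startDateTime": "2022-03-01T12:00:00Z", "endDateTime": "2024-03-01T12:00:00Z"},
  {"displayName": "rotated-secret", "keyId": "00000000-0000-0000-0000-000000000003",
   "startDateTime": "2024-06-01T08:30:00.1234567Z", "endDateTime": "2024-12-01T08:30:00Z"}
]
""")


def parse_ts(value):
    """Parse a UTC timestamp ending in 'Z', ignoring any fractional seconds."""
    base = value.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_secrets(credentials, now, warn_days=30, max_lifetime_days=365):
    """Return (label, finding) tuples for expired, soon-to-expire or long-lived secrets.

    warn_days and max_lifetime_days are hypothetical policy values; set your own.
    """
    findings = []
    for cred in credentials:
        label = cred.get("displayName") or cred["keyId"]
        start = parse_ts(cred["startDateTime"])
        end = parse_ts(cred["endDateTime"])
        if end <= now:
            findings.append((label, "expired"))
        elif end - now <= timedelta(days=warn_days):
            findings.append((label, "expiring-soon"))
        if end - start > timedelta(days=max_lifetime_days):
            findings.append((label, "lifetime-too-long"))
    return findings


if __name__ == "__main__":
    # A fixed "now" keeps the constructed sample reproducible; use datetime.now(timezone.utc) in practice.
    for label, finding in audit_secrets(SAMPLE_CREDENTIALS, datetime(2024, 6, 20, tzinfo=timezone.utc)):
        print(f"{label}: {finding}")
```

The credential list does not return the secret value itself, so the output of this check can be logged without exposing the client secret key recorded above.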

After you finish creating a client secret for the service principal, proceed to the next exercise to assign a role to the service principal.
