Skip to main content

Setting up the Tidal Control Azure integration

This page will guide you through setting up the integration for Tidal Control with Azure and Entra ID. This allows our Tests functionality to automatically retrieve evidence from your Azure environment. There are two ways to set up the integration:

  1. With our Tidal Control Azure Application Integration (recommended)
  2. With a service principal

Regardless of the method you choose, you will need to provide access to the relevant Azure subscriptions. This is done by granting the necessary permissions to the integration in the Azure portal.

Application Integration

The following steps require that you have authorization to create new App Registrations in your Entra ID tenant. If you do not have the necessary permissions, please contact your Entra ID administrator.

  1. Navigate to the Tidal Portal (https://portal.tidalcontrol.com) and log in.
  2. Go to "Settings" and then "Integrations". This requires that you are a SUPER_USER within Tidal Control.
  3. Click on the plus icon next to "Microsoft Azure".
  4. Click "App Integration (recommended)" and "Click here to get started".
  5. You will be redirected the Azure portal. Click on "Sign in" and log in with your Azure account.
  6. Review the permissions requested by Tidal Control and click "Accept".
  7. Complete the integration setup by providing access to Azure "Subscriptions" (see below).

Service Principal

To set up the integration with a service principal, you need to create a new service principal in your Azure Entra ID. This service principal will be used to authenticate the integration with your Azure environment. The following steps require that you have authorization to create new App Registrations in your Entra ID tenant. If you do not have the necessary permissions, please contact your Entra ID administrator.

  1. Navigate to the Azure portal (https://portal.azure.com) and log in.
  2. Search and go to "Entra ID".
  3. Click on "App registrations" in the left-hand menu.
  4. Click on "New registration".
  5. Fill in the required fields:
    • Name: Tidal Control - Integration
    • Supported account types: Accounts in this organizational directory only (Single tenant)
  6. Click on "Save".
  7. Copy the "Application (client) ID" and "Directory (tenant) ID" from the overview page. You will need these values later.
  8. Click on "Certificates & secrets" in the left-hand menu.
  9. Click on "New client secret".
  10. Fill in the required fields:
    • Description: Tidal Control - Integration
    • Expires: Choose an expiration date (e.g. 12 months)
    • Click on "Add".
    • Copy the value of the client secret. You will need this value later. NB: Save the client secret in a secure location. You will not be able to retrieve it again.
  11. Click on "API permissions" in the left-hand menu.
  12. Click on "Add a permission".
  13. Click on "APIs my organization uses".
  14. Search for "Microsoft Graph" and click on it.
  15. Click on "Application permissions".
  16. Add the following permissions:
    • Directory.Read.All
    • User.Read.All
    • Device.Read.All
    • Application.Read.All
    • DeviceManagementManagedDevices.Read.All
    • GroupMember.Read.All
    • Group.Read.All
    • Organization.Read.All
    • Policy.Read.All
  17. Click "Grant Admin Consent for {TENANT_NAME}".
  18. Navigate to the Tidal Portal (https://portal.tidalcontrol.com) and log in.
  19. Go to "Settings" and then "Integrations". This requires that you are a SUPER_USER within Tidal Control.
  20. Click on the plus icon next to "Microsoft Azure".
  21. Click "Service Principal".
  22. Fill in the required fields:
    • Name: Any name you want to give the integration.
    • Tenant ID: The Directory (tenant) ID from the overview page.
    • Client ID: The Application (client) ID from the overview page.
    • Client Secret: The client secret you created.
  23. Complete the integration setup by providing access to Azure "Subscriptions" (see below).

Provide access to Azure Subscriptions

To provide access to Azure Subscriptions, you need to grant the necessary permissions to the integration in the Azure portal. The following steps require that you have authorization to grant role permissions in your Azure Entra ID. If you do not have the necessary permissions, please contact your Entra ID administrator.

  1. Navigate to the Azure portal (https://portal.azure.com) and log in.
  2. Search and go to "Subscriptions".
  3. Click on the subscription you want to provide access to.
  4. Click on "Access control (IAM)" in the left-hand menu.
  5. Click on "Add role assignment".
  6. Select the role you want to assign to the integration. We recommend using the "Reader" role.
  7. Search for the Tidal integration you created and select it.
  8. Click on "Save".
  9. Repeat steps 3-8 for each subscription you want to provide access to.
  10. You have now successfully set up the Tidal Control Azure integration.
Last updated on