Connect Ferry to Azure
When you connect Ferry to your Azure account, Ferry manages the required policies and cloud resources on your behalf, so that you can quickly provision devices and deploy software applications to them.
Step 1: Set up the App Registration
Create a Microsoft Azure account (or log in if you already have one)
If you choose to create a Microsoft Azure account, Azure will automatically provision a Subscription for you. An Azure Subscription is akin to a billing account - all your cloud resources will be nested underneath each Subscription
In the Azure console search bar, enter “app registration” and select the “App Registrations” service
Select “+ New registration”
Give your application a name, and under “Supported account types”, select “Accounts in this organizational directory only”
On the App Registration screen, select the App Registration you just created:
Make a note of the Application ID; we’ll need it later
On the left-hand navigation bar, select “Certificates & secrets”. Select “+ New client secret”
In the options, for the Description field put “Current” and for the Expires field select the option with 24 months. Select “Add secret” at the bottom of the screen.
This will create a client secret for your App Registration. Make a note of the Value of the client secret you just created; we’ll need it later. If you forget to make a note of it now, you’ll need to repeat this step later, as Azure obscures your client secret after you navigate away from the screen!
Step 2: Create the Resource Group
In the Azure dashboard, search for “Resource Groups”, and select “+ Create”
Ensure that your Azure Subscription is selected, and provide a name for the Resource Group, and the Azure cloud region
Step 3: Assign roles to the Resource Group
For the Resource Group you just created, in the navigation column menu, select “Access control (IAM)”
Select “+ Add” and “Add role assignment”
In the “Role” tab, select the “Privileged administrator roles” sub-tab, and select “Owner”. Then select “Next” at the bottom of the page.
On the “Members” tab, select “User, group or service principal” and select “+ Select members”
In the drawer that appears, in the search bar, enter the name of the App Registration you created beforehand, select it, and then choose the “Select” button at the bottom of the page.
On the next page, select “Review & Assign”.
We now need to add one more Role Assignment. Go back to your Resource Group as per step 3 of this section:
Select “Access control (IAM)”
Choose “+ Add” and “Add role assignment”
In the “Role” tab, select the “Job function roles” sub-tab, search for and select “Storage Blob Data Contributor”
Select “Next” at the bottom of the page. On the “Members” tab, select “User, group or service principal” and choose “+ Select members”. In the drawer that appears, enter the name of the App Registration, select it, and then choose “Select” at the bottom of the drawer as before. Then select “Review & assign”
At this point, if you go back to your Resource Group, and the IAM page, and then select the “Role Assignments” tab, you should be able to see both of the assignments that we just created.
Step 4: Enable resource providers within the Subscription
The final configuration step of the Azure account is to grant permissions to your Azure Subscription to allow other cloud resources to function appropriately
In the Azure dashboard, in the search bar search for Subscriptions and select the one you have been using for this setup.
In the navigation column under Settings, select “Resource Providers”
In the search bar, enter “Microsoft.Devices”. If the row shown in the table is not registered, select it (it will turn grey), and then select “Register”
Repeat the above step for “Microsoft.ContainerRegistry” and “Microsoft.Storage”
This provisioning can take a couple of minutes!
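A way to confirm Steps 3 and 4 from a terminal instead of the portal. This is an added example, not part of Ferry's tooling. It assumes the Azure CLI is installed and logged in with "az login"; the function names and the two arguments are placeholders. It only reads configuration, and it lists the role assignments made directly on the Resource Group, not ones inherited from the Subscription.

```bash
# Added example: read-only check of Steps 3 and 4 with the Azure CLI.
# Function names and arguments are placeholders, not part of Ferry.
REQUIRED_ROLES="Owner
Storage Blob Data Contributor"
REQUIRED_PROVIDERS="Microsoft.Devices Microsoft.ContainerRegistry Microsoft.Storage"

# Print each required role that is absent from the role names given on stdin.
missing_roles() {
  local have role
  have="$(cat)"
  printf '%s\n' "$REQUIRED_ROLES" | while IFS= read -r role; do
    printf '%s\n' "$have" | grep -qxF "$role" || printf '%s\n' "$role"
  done
}

# Print each required provider whose registrationState is not "Registered".
unregistered_providers() {
  local ns state
  for ns in $REQUIRED_PROVIDERS; do
    state="$(az provider show --namespace "$ns" --query registrationState -o tsv)"
    [ "$state" = "Registered" ] || printf '%s (%s)\n' "$ns" "$state"
  done
}

# Usage: verify_ferry_azure "<application-id>" "<resource-group>"
# Returns 0 when both roles and all three providers are in place, 1 otherwise.
verify_ferry_azure() {
  local app_id rg scope roles gaps rc
  app_id="$1"; rg="$2"; rc=0
  scope="$(az group show --name "$rg" --query id -o tsv)" || return 2
  # Without --include-inherited, only assignments at this exact scope are listed.
  roles="$(az role assignment list --assignee "$app_id" --scope "$scope" \
            --query '[].roleDefinitionName' -o tsv)"
  gaps="$(printf '%s\n' "$roles" | missing_roles)"
  if [ -n "$gaps" ]; then
    echo "Missing role assignments on $rg:"; echo "$gaps"; rc=1
  fi
  gaps="$(unregistered_providers)"
  if [ -n "$gaps" ]; then
    echo "Resource providers not registered:"; echo "$gaps"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "Steps 3 and 4 look complete for $rg"
  return "$rc"
}
```

If a provider is reported as "Registering", wait a couple of minutes and run the check again.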
Step 5: Add the Azure cloud account in Ferry
We’ve now got all the ingredients we need to link your Azure account to Ferry.
Go to your Organization. You can select the Organization using the selector at the top right
Navigate to the “Cloud Accounts” tab and select “Add Cloud Account”
In the pop-up window that appears, enter the following information:
For Platform, select Azure
For Name, give your cloud account a name identifier
For Region, enter the region of your Resource Group (in Step 2)
For Client ID enter the Application ID from Step 1 (you can always access it in the App Registration screen later on if needed)
For Client Secret, enter the Value from the App Registration client secret you created in Step 1. Ferry encrypts all secrets across any resource in your cloud account for security
For Subscription ID: in the Azure dashboard, search for “Subscriptions” and find the Subscription you have used for this setup. In the Overview field, find the Subscription ID that you need to enter into Ferry
For Tenant ID: in the Azure dashboard, search for “Microsoft Entra ID” (the current name for what used to be called Azure Active Directory). Take the Tenant ID there and enter it into Ferry.
Select “Ok” and you’re done!