Getting Started
Azure
Connect Ferry to Azure

Connect Ferry to Azure

When you connect Ferry to your Azure account, Ferry manages on your behalf the required policies and cloud resources to allow you to quickly provision devices, and deploy software applications to them.

Step 1: Set up the App Registration

  1. Create a Microsoft Azure account (or log in if you already have one)

    1. If you choose to create a Microsoft Azure account, Azure will automatically provision a Subscription for you. An Azure Subscription is akin to a billing account - all your cloud resources will be nested underneath each Subscription

  2. In the Azure console search bar, enter “app registration” and select the “App Registrations” service

    Mountains

  3. Select “+ New registration”

  4. Give your application a name, and under “Supported account types”, select “Accounts in this organizational directory only”

    Mountains

  5. On the App Registration screen, select the App Registration you just selected:

    1. Make a note of the Application ID, we’ll need it later

  6. On the left-hand navigation bar, select “Certificates & secrets”. Select “+ New client secret”

    1. In the options, for the Description field put “Current” and for the Expires field select the option with 24 months. Select “Add secret” at the bottom of the screen.

    2. This will create a client secret for your App Registration. Make a note of the Value of the client secret you just created; we’ll need it later. If you forget to make note of it now, you’ll need to recreate this step later, as Azure obscures your client secret after you navigate from the screen!

Mountains

Step 2: Create the Resource Group

  1. In the Azure dashboard, search for “Resource Groups”, and select “+ Create”

  2. Ensure that your Azure Subscription is selected, and provide a name for the Resource Group, and the Azure cloud region

    Mountains

Step 3: Assign roles to the Resource Group

  1. For the Resource Group you just created, in the navigation column menu, select “Access control (IAM)”

  2. Select “+ Add” and “Add role assignment”

    Mountains

  3. In the “Role” tab, select the “Privileged administrator roles” sub-tab, and select “Owner”. Then select “Next” at the bottom of the page.

    Mountains

  4. On the “Members” tab, select “User, group or service principal” and select “+ Select members”

    Mountains

  5. In the drawer that appears, in the search bar, enter the name of the App Registration you created beforehand, select it, and then choose the “Select” button at the bottom of the page.

  6. On the next page, select “Review & Assign”.

  7. We know need to add one more Role Assignment. Go back to your Resource Group as per step 3 of this section:

    1. Select “Access control (IAM)”

    2. Choose “+ Add” and “Add role assignment”

    3. In the “Role” tab, select the “Job function roles” sub-tab, search for and select “Storage Blob Data Contributor”

    4. Select “Next” at the bottom of the page. On the “Members” tab, select “User, group or service principal” and choose “+ Select members”. In the drawer that appears, enter the name of the App Registration, select it, and then choose “Select” at the bottom of the drawer as before. Then select “Review & assign”

      Mountains

  8. At this point, if you go back to your Resource Group, and the IAM page, and then select the “Role Assignments” tab, you should be able to see both of the assignments that we just created.

Step 4: Enable resource providers within the Subscription

  1. The final configuration step of the Azure account is to grant permissions to your Azure Subscription to allow other cloud resources to function appropriately

  2. In the Azure dashboard, in the search bar search for Subscriptions and select the one you have been using for this setup.

  3. In the navigation column under Settings, select “Resource Providers”

    Mountains

  4. In the search bar, enter “Microsoft.Devices”. If the row shown in the table is not registered, select it (it will turn grey), and then select “Register”

  5. Repeat the above step for “Microsoft.ContainerRegistry” and “Microsoft.Storage”

  6. This provisioning can take a couple of minutes!

    Mountains

Step 5: Add the Azure cloud account in Ferry

We’ve now got all the ingredients we need to link your Azure account to Ferry.

  1. Go to your Organization. You can select the Organization from the top right hand side selector

  2. Navigate to the “Cloud Accounts” tab and select “Add Cloud Account”

  3. In the pop-up window that appears enter the following information

    Mountains

  4. For Platform, select Azure

  5. For Name, give your cloud account a name identifier

  6. For Region, enter the region of your Resource Group (in Step 2)

  7. For Client ID enter the Application ID from Step 1 (you can always access it in the App Registration screen later on if needed)

  8. For Client Secret, enter the Value from the App Registration client secret you created in Step 1. Ferry encrypts all secrets across any resource in your cloud account for security

  9. For Subscription ID: in the Azure dashboard, search for “Subscriptions” and find the Subscription you have used for this setup. In the Overview field, find the Subscription ID that you need to enter into Ferry

    Mountains

  10. For Tenant ID: in the Azure dashboard, search for “Microsoft Entra ID” (it is what Active Directory used to be called). Take the Tenant ID there and enter it into Ferry.

    Mountains

  11. Select “Ok” and you’re done!