Overview
Snaps in the Binary Snap Pack use the Azure portal to access endpoint applications. You can authenticate Azure access with a SAS URI and an Access key. Alternatively, Managed Identities provide credentials for Azure access. There are two types of Managed Identities: System-Assigned Managed Identity and User-Assigned Identity. A System-Assigned identity can be mapped to a single virtual machine, whereas a User-Assigned identity can be assigned to multiple resources.
1. Create a resource group in the Azure portal
a. Log into the Azure portal.
b. Navigate to the Resource group from the search bar.
c. Click Create.
d. Specify the Subscription and Resource group and create a resource group.
e. Click Next.
f. Specify the Name and Value of the Resource group.
g. Click Next. The details of the Resource group appear.
2. Create a Storage Account
a. Create a storage account under the resource group created.
b. Select the Default to Microsoft Entra authorization in the Azure portal checkbox.
c. Click Next with the default settings until the Storage account validates.
d. Click Create. The Storage account deploys successfully.
e. Click the Go to resource button.
3. Create a Container in the Storage Account
a. Navigate to Containers on the left navigation bar.
b. Click Container.
c. Specify the container name. Click Create.
d. Click Upload to upload a sample file in the container.
At this point, you have a resource group that contains a storage account, which in turn contains a container.
4. Create a Managed Identity
a. Navigate to Managed Identities in the search bar.
b. Click Create.
c. Specify the resource group you created in step 1.
d. Specify the name of the user-assigned managed identity in the Name field.
e. Click Next where TERMS appear.
f. Click Create. User-assigned managed identity is deployed successfully.
5. Create a Virtual Machine
a. Navigate to the Virtual Machine from the search bar.
b. Click Create.
c. Select the resource group created in step 1.
d. Specify the name of the virtual machine.
e. Click Next:<> in the bottom panel until the virtual machine validation passes.
f. Click Create.
g. Click Download private key and create resource in the dialog box.
The private key is not stored and cannot be retrieved later if you do not download it at this point.
h. Click the Go to resource button.
6. Link the User-Assigned Managed Identity with the Virtual Machine and Storage Account
a. Navigate to the Identity option under Security in the left navigation.
b. Click the User assigned option.
c. Click Add.
d. Select the User assigned managed identities from the list.
A single virtual machine can have multiple user-assigned managed identities assigned to it.
e. Select the user-assigned managed identity created in Step 4, and then click Add. The identity is added to the virtual machine.
f. Navigate to Home.
g. Select the storage account created in Step 2.
h. Click Access control (IAM) in the left navigation.
i. Click Add > Add role assignment.
j. Search for the Storage Blob Data Contributor role from the list of roles on the Add role assignment page.
k. Click Next.
l. Choose the Managed identity option in the Assign access to field.
m. Click Select members in the Members field. The Select managed identities box appears on the left.
n. Select the User-assigned managed identity option in the Managed identity field.
o. Select the name of the user-assigned managed identity created in Step 4.
p. Click Select. The user-assigned managed identity is added to the storage account.
q. Click Next until Scope appears.
r. Click Review + assign.
s. Click the Check access tab to check the added role.
t. Click Managed identity in the Check access box on the right.
u. Select the User-assigned managed identity in the Managed identity field.
v. Select the name of the user-assigned managed identity. The current role assignments appear.
7. Add System-Assigned Managed Identity to Virtual Machine
a. Click Home.
b. Navigate to Identity under the Security tab on the left navigation.
c. Select the System assigned tab on the top.
d. Select On for Status.
e. Click Save. The Enable system assigned managed identity dialog box appears.
f. Click Yes. A system-assigned managed identity is restricted to one per resource and is tied to the lifecycle of this resource.
g. Navigate to Home.
h. Select the storage account created in Step 2.
i. Click Access control (IAM) in the left navigation.
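After steps 6 and 7 the virtual machine carries both a user-assigned and a system-assigned identity, so it is worth confirming from the VM which identity a storage token is actually issued to. The following added example (not part of the original article or the Snap Pack's code) builds the Azure Instance Metadata Service token request for a named user-assigned identity and checks the returned token's audience and client ID. The client ID value, the helper names, and the use of the `appid`/`azp` claim are assumptions for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE = "https://storage.azure.com/"

def build_token_request(client_id=None):
    """Return (url, headers); client_id names one user-assigned identity."""
    params = {"api-version": "2018-02-01", "resource": STORAGE_RESOURCE}
    if client_id:
        params["client_id"] = client_id
    return IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params), {"Metadata": "true"}

def fetch_token(client_id=None, timeout=5):
    """Call IMDS. Works only from inside the Azure VM."""
    url, headers = build_token_request(client_id)
    request = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)["access_token"]

def token_claims(jwt):
    """Decode the JWT payload for inspection; the signature is not verified."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(jwt, expected_client_id):
    """Return a list of mismatches between the token and the intended identity."""
    claims, problems = token_claims(jwt), []
    if claims.get("aud", "").rstrip("/") != STORAGE_RESOURCE.rstrip("/"):
        problems.append("audience is not Azure Storage: %r" % claims.get("aud"))
    # Assumption: the client ID appears in "appid" (v1 tokens) or "azp" (v2).
    issued_to = claims.get("appid") or claims.get("azp")
    if issued_to != expected_client_id:
        problems.append("token issued to %r, expected %r" % (issued_to, expected_client_id))
    return problems

def constructed_jwt(claims):
    """Build an unsigned sample token so the checks can run offline."""
    def encode(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([encode({"alg": "none"}), encode(claims), "sig"])

if __name__ == "__main__":
    uami = "00000000-0000-0000-0000-000000000001"  # constructed client ID
    sample = constructed_jwt({"aud": STORAGE_RESOURCE, "appid": uami})  # constructed token
    print(check_token(sample, uami) or "token matches the user-assigned identity")
```

On the VM, pass the result of `fetch_token(client_id)` to `check_token` with the client ID shown on the managed identity's overview page; an empty list means the token is for Azure Storage and was issued to that identity.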
Locate/Define Information Required to Create your <Snap Pack Name> OAuth2 Account
Specify the values required to create a successful <Snap Pack Name> OAuth2 account.
Navigate to the <Snap Pack Name> Snap of your choice and configure the <Snap Pack Name> OAuth2 Account with the following details:
Client ID: A public identifier for your app. Provide the Client ID that is auto-generated after creating the app in the <endpoint>.
Client Secret: Secret value known only to the app and the auth server. Provide the Client Secret that is auto-generated after creating the app in the <endpoint>.
OAuth2 Endpoint:
OAuth2 Token:
Click Authorize.
You will be redirected to the login page of ServiceNow. Log into ServiceNow and accept the permissions.
The Access token and the Refresh Token will be generated. Select the Auto-refresh token checkbox and save the account.