How-To: Setup Access To Azure Resources

To give Azure users seamless access to Azure resources, the Keytos application need read permissions in your subscription to verify who has access to those resources.

Prerequisites

  1. Registering the application in your tenant
  2. Selecting a Plan

Introduction

Creating an Azure Policy requires EZSSH to have access to your subscription. Based on what features you want to enable you can give it different permissions. If you want to use our “Auto Add” Feature that automatically adds your EZSSH Policy certificate to the machines we detect in your subscription, Contributor role is required. If you only want EZSSH to detect the machine and you will add the certificate to the machines, using your deployment templates (Pulumi Example) then only Reader role is required.

Adding Application to RBAC in Azure Portal

  1. Login to https://portal.azure.com
  2. Navigate to the Subscription or resource group that you want to enroll in EZSSH Azure subscription Access control IAM page with role assignments tab selected
  3. Click on Add Azure IAM Access control page with Add role assignment panel opening on the right
  4. Select the “Add Role Assignment” Option
  5. Select the Role you need for EZSSH. Contributor or Reader Azure Add role assignment panel with role search field highlighted
  6. Select the EZSSH Application Azure Add role assignment showing EZSSH application selected as Contributor with member highlighted
  7. Click the Save button Azure Add role assignment panel with EZSSH selected and Save button highlighted
  8. You are ready to create your first Azure Policy