Set up an Azure integration | Fluid Attacks Help

Set up an Azure integration

This page provides a comprehensive guide to setting up the Microsoft Azure account and related secrets for security testing with Fluid Attacks' cloud security posture management (CSPM) module.

To make the connection with Azure, you need the following information:

  • Azure Subscription ID: The unique identifier for your Azure subscription, which provides access to Azure's cloud platform resources and services
  • AZURE_CLIENT_ID: The identifier representing your client application in Azure
  • AZURE_CLIENT_SECRET: The alphanumeric password for your client application
  • AZURE_TENANT_ID: The directory ID, a unique identifier for your Azure Active Directory (Azure AD), used for authentication and authorization purposes when interacting with Azure resources and services within that tenant

Follow the steps presented further in this document to obtain the above values.

Manual configuration from Azure portal

Get Azure subscription ID

You can find your Azure subscription ID through the Azure Portal by following these steps:

  1. Sign in to the Azure portal.

  2. In the left-hand sidebar, click on Subscriptions. If you do not see it there, you can use the search bar at the top to locate it.

  3. The table displays all your Azure subscriptions. Copy the ID of the desired subscription.

    Find Azure subscription ID for Fluid Attacks CSPM

Get Azure secrets and other necessary credentials

To get these credentials you need to register an application with Azure Active Directory (Azure AD) and create a service principal:

  1. Sign in to the Azure portal.

  2. Click on Azure Active Directory in the left-hand sidebar and, under Manage, select App registrations.

    Find app registrations on Azure for Fluid Attacks CSPM

  3. Click the New registration button.

    Register new app on Azure for Fluid Attacks CSPM

  4. Provide the necessary information to register an application.

    Configure Azure app for Fluid Attacks CSPM

  5. The following are short descriptions of the fields:
    1. Name: A name for your application
    2. Supported account types: The appropriate account types that can use the application
    3. Redirect URI: The URL where Azure AD should send authentication responses, which can be the URL of your application
  6. After registering, you are taken to the overview page for your application. There, you find the Application (client) ID and Directory (tenant) ID.

    Get Client ID and Tenant ID for Fluid Attacks CSPM

  7. From the sidebar, choose Certificates & secrets.

  8. Select Client secrets and click on New client secrets. Then, provide the secret's description, set its expiration and click on Add.

    Add secret to Azure app for Fluid Attacks CSPM

  9. Make sure to copy and save the generated client secret, as it is shown to you on this screen only once.

    Get Azure app secret for Fluid Attacks CSPM

Assign a role to the application

You need to assign a role to the previously registered application in Microsoft Azure:

  1. Log in to the Azure portal.

  2. Click on All services in the left-hand menu, then search for and select Subscriptions.

  3. Click on the desired subscription.

  4. In the subscription settings, click on Access control (IAM), Add and Add a role assignment.

  5. Set Azure app access control for Fluid Attacks CSPM

  6. Select the role you want to assign to your application. You can either choose a built-in role (such as Owner, Contributor, Reader, etc.) or a custom role, if you have defined one. Then click Next.

    Add role to Azure app for Fluid Attacks CSPM

  7. For Assign access to, select the option User, group, or service principal. Click on the Select members button and search for and select your application by name. Then click on Select. You can optionally provide a description. When you are done, click Next.

    Assign Azure app members access for Fluid Attacks CSPM

  8. After selecting the application, review the role assignment details. Confirm that you are assigning the correct role to the correct application.

    Review role assignment to Azure app for Fluid Attacks CSPM

  9. Click the Save button to assign the selected role to your application.

Once the role assignment is complete, you should see the application listed in the Role assignments tab with the assigned role at the subscription level.


Azure setup on Fluid Attacks' platform

Navigate to your group's Scope section on Fluid Attacks' platform to add a CSPM environment. (If you need a refresher on how to reach this point, refer to Find the option for cloud integrations.)

Upon selecting Azure in Cloud name, you need to provide certain information. You can find definitions and steps to gather this information above on this page.

Set up CSPM for Azure environment on the Fluid Attacks platform

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.