To create a Microsoft Azure AD application from the Azure PowerShell command line, you can use the Azure AD App Registration tool. You can run the tool from the CommServe computer where you want to create the application or from any other computer that can communicate with the Web Server. The tool also creates a credential for Microsoft Azure authentication type IAM AD Application Role assignment.
Before You Begin
- The computer from which you want to create the application must meet the following requirements:
  - Install Azure PowerShell version 6.1 or a more recent version.
  - Install AzureRM module version 6.0 or a more recent version.
  - Enable JavaScript in the Microsoft Internet Explorer browser.
- Verify that the Commvault Tomcat service is running. For more information, see Controlling Services on Windows.
- Verify that the Azure user account that you want to configure for the application has the User Access Administrator role on the resource.
Procedure
- Log on to the computer from which you want to create the application.
- Download the Azure AD App Registration tool from the Commvault Store.
  For instructions, see Downloading Items from Commvault Store.
- Log on to the Azure PowerShell command line.
- Go to the location where the CVAzureADAppRegistration.exe tool is available, and then run the following command:
  CVAzureADAppRegistration.exe -WebServerUrl web_server_URL -CommCellUserName commcell_user_name -SubscriptionId subscription_ID -ResourceGroupName resource_group_name -ApplicationName application_name -UseSharedSecret -SharedSecret application_password -Role azure_role
  where:
  - web_server_URL is the URL of the CommServe computer.
  - commcell_user_name is the username of the CommServe administrator account.
  - subscription_ID is the subscription ID of the Azure account.
  - resource_group_name is the resource group name for the scope of the Azure application.
  - application_name is the name of the application that will be created on the CommServe computer.
  - application_password is the client secret of the application.
  - azure_role is the role that you want to assign to the application. For example, the Storage Blob Data Contributor role allows read, write, and delete permissions for the Azure storage containers and blobs. For more information about the role that suits your requirements, go to Azure built-in roles.
  Following is an example command:
  CVAzureADAppRegistration.exe -WebServerUrl http://demoma.democert.loc:81/SearchSvc/CVWebService.svc -CommCellUserName admin -SubscriptionId 39852ggg-e752-47d1-b5e7-5f3c277618ee -ResourceGroupName DemoRG -UseSharedSecret -SharedSecret password123 -Role 'Storage Blob Data Contributor'
  A prompt for the password for the CommServe administrator account appears.
- Enter the password for the CommServe administrator account.
  A login window appears.
- Enter the credentials for the Azure user account.
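The following PowerShell script is an added example, not part of the original procedure or of Commvault's tooling. It checks the AzureRM and User Access Administrator prerequisites listed under Before You Begin, generates a random client secret instead of a hand-typed password, and then runs the tool with the parameters documented above. All variable values are placeholders, and the checks assume the session is already logged on to Azure with the user account's sign-in name as the context account Id.

```powershell
# Added example. All values below are placeholders (assumptions); replace them.
$WebServerUrl   = 'web_server_URL'
$CommCellUser   = 'commcell_user_name'
$SubscriptionId = 'subscription_ID'
$ResourceGroup  = 'resource_group_name'
$AppName        = 'application_name'
$Role           = 'Storage Blob Data Contributor'

# Prerequisite: AzureRM module version 6.0 or later is installed.
$azureRm = Get-Module -ListAvailable -Name AzureRM |
    Sort-Object Version -Descending | Select-Object -First 1
if (-not $azureRm -or $azureRm.Version -lt [version]'6.0') {
    throw 'AzureRM module 6.0 or a more recent version is required.'
}

# The session must already be logged on and pointed at the target subscription.
$context = Get-AzureRmContext
if (-not $context.Account) { throw 'Not logged on. Run Connect-AzureRmAccount first.' }
if ($context.Subscription.Id -ne $SubscriptionId) {
    throw "Current subscription is $($context.Subscription.Id), expected $SubscriptionId."
}

# Prerequisite: the Azure user has User Access Administrator on the resource group.
# Assumption: the account Id of the context is the user's sign-in name.
$uaa = Get-AzureRmRoleAssignment -SignInName $context.Account.Id `
    -ResourceGroupName $ResourceGroup -RoleDefinitionName 'User Access Administrator'
if (-not $uaa) {
    throw "$($context.Account.Id) lacks User Access Administrator on $ResourceGroup."
}

# Generate a 256-bit random client secret as hex (assumption: the tool accepts
# a 64-character secret) so that no guessable password is typed by hand.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$secret = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# Run the tool with the parameters documented above, then drop the secret
# from the session. The tool still prompts for the CommServe password.
try {
    & .\CVAzureADAppRegistration.exe -WebServerUrl $WebServerUrl `
        -CommCellUserName $CommCellUser -SubscriptionId $SubscriptionId `
        -ResourceGroupName $ResourceGroup -ApplicationName $AppName `
        -UseSharedSecret -SharedSecret $secret -Role $Role
} finally {
    Remove-Variable secret, bytes
}
```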