Configure Entrust KeyControl as Microsoft Azure CSP

Create an Azure client secret

This secret is required to create the Entrust CSP account for Azure. It expires after a set period. You must create the Entrust KeyControl CSP account for Azure before the secret expiration date.

  1. Navigate to Home > Azure Active Directory > App registrations > <App-registration-name> > Certificates & secrets.

  2. Select New client secret.

    The Add a client secret dialog appears.

  3. Enter the Description and select the expiration date.

  4. Select Add.

    The Certificates & secrets page appears. For example:

    [Image: azure client secret]

  5. Copy and save the Value of the new client secret.

    The Azure portal displays this value only temporarily. Once the portal hides the client secret, it cannot be retrieved and a new secret must be created.

For additional information, see Creating a client secret in Azure Active Directory.

Create an Entrust KeyControl CSP account for Azure

The following steps establish the connection between Entrust KeyControl and Azure, making Entrust KeyControl the CSP of the Azure application.

  1. Sign in to the Entrust KeyControl Vault using the URL bookmarked in install-configure-keycontrol.adoc#create-keycontrol-vault.

  2. Select the CLOUDKEYS icon on the toolbar.

  3. Select the CSP Accounts tab.

  4. Select the Action icon, then select Add CSP Account from the drop-down menu.

    The Add CSP Account dialog appears.

  5. In the Details tab, enter the Name and Description.

  6. In the Admin Group drop-down menu, select Cloud Admin Group.

  7. In the Type drop-down menu, select Azure.

  8. Enter the following from the Azure account:

    Item                 Value
    Azure AD Tenant ID   Home > Azure Active Directory > App registrations > <Display name> > Directory (tenant) ID
    Subscription ID      Home > Subscription > Subscription ID
    Client ID            Home > Azure Active Directory > App registrations > <Display name> > Application (client) ID
    Client Secret        Value of the secret created in Create an Azure client secret.

    For example:

    [Image: keycontrol csp account for azure 1]

  9. Select Continue.

  10. In the Schedule tab, define the rotation schedule.

  11. Select Apply.

    For example:

    [Image: keycontrol csp account for azure 2]

    The new CSP account is created.

    [Image: keycontrol csp account for azure 3]
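A pre-flight check for the four values entered in the Add CSP Account dialog, as an added example that is not Entrust's or Microsoft's code: it confirms the three IDs are GUIDs, catches a Secret ID pasted in place of the secret Value, and checks how long the matching secret has before it expires. The function names, the 30-day threshold and all sample values are assumptions; the credential list is assumed to have the shape returned by `az ad app credential list --id <client-id>`.

```python
import re
from datetime import datetime, timezone

GUID = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")

def parse_utc(stamp):
    # Timestamps end in "Z" and may carry fractional seconds; keep whole seconds.
    return datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def preflight(fields, credentials, now, min_days=30):
    """Return a list of problems with the values for the Add CSP Account dialog."""
    problems = []
    for name in ("tenant_id", "subscription_id", "client_id"):
        if not GUID.fullmatch(fields.get(name, "").strip()):
            problems.append(f"{name}: not a GUID")
    secret = fields.get("client_secret", "").strip()
    if GUID.fullmatch(secret):
        # The portal lists a GUID "Secret ID" beside the Value; the dialog needs the Value.
        return problems + ["client_secret: looks like the Secret ID, not the Value"]
    # Tie the saved Value to its credential through the 3-character "hint" field.
    matches = [c for c in credentials if c.get("hint") and secret.startswith(c["hint"])]
    if not matches:
        return problems + ["client_secret: no matching credential on the app registration"]
    days_left = max((parse_utc(c["endDateTime"]) - now).days for c in matches)
    if days_left < 0:
        problems.append("client_secret: expired")
    elif days_left < min_days:  # min_days is an assumed policy threshold
        problems.append(f"client_secret: expires in {days_left} days")
    return problems

# Constructed sample values, not real identifiers or secrets.
SAMPLE_FIELDS = {
    "tenant_id": "11111111-1111-1111-1111-111111111111",
    "subscription_id": "22222222-2222-2222-2222-222222222222",
    "client_id": "33333333-3333-3333-3333-333333333333",
    "client_secret": "abc8Q~constructed-sample-value",
}
SAMPLE_CREDENTIALS = [{
    "displayName": "KeyControl CSP",
    "keyId": "44444444-4444-4444-4444-444444444444",
    "hint": "abc",
    "startDateTime": "2024-01-01T00:00:00Z",
    "endDateTime": "2024-07-01T00:00:00Z",
}]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for problem in preflight(SAMPLE_FIELDS, SAMPLE_CREDENTIALS, now):
        print(problem)
```

An empty result means the values are well-formed and the secret has at least `min_days` left; the check never prints the secret itself.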