When creating applications to access various Azure APIs, it is necessary to use one of two methods for granting that access. The first to use a Service Principal. A Service Principal is an application tied to a particular user/account that is granted permissions. A second method is to create an application with permissions to access the Service Management API.
The second method is essentially what the Azure CLI does when you login using an Orgranizational Account, rather than a Service Principal. When requesting an authorization token from the Active Directory, an ID associated with the client application is presented. So long as the credentials of the user are valid and the application is authorized, the Active Directory will present an authorization token.
To create an application for use in the second method, log into the Azure portal and select your Active Directory.
Next, select Applications at the top and then click the Add button that shows up at the bottom.
Next you will see a form asking for information about your application. For this case, we will create a “Native Application” and give it the name systemmanager. Fill out the form and select the arrow to move to the next page.
On the next form, you are asked to enter a URL for the application. It can be anything so long as it is a valid URL. Here, we entered “http://localhost/systemmanager“. Enter a URI and select the checkbox.
At this point, the application is created. But now, it must be configured to have access to the Azure Management Services API. Select the systemmanager application from the side pane and click “Configure” in the upper menu.
Scroll down (if necessary) and click the Add Application button.
A form will be presented listing a number of existing Applications. The Application to select is Windows Azure Service Management API. Click on it and then click on the Check in the lower right.
One more step is needed, permissions to the Windows Azure Service Management API needs to be added. These take the form in “Delegated Permissions”. In this case, when you perform applications using the systemmanager application created in this tutorial, you are performing actions on behalf of a user (thus delegating to the systemmanager application).
Click the “Delegated Permissions” text in the “Azure Windows Service Management API” line, click the checkbox to allow access and then click Save at the bottm.
At this point, creation and configuring of the systemmanager application is complete.
How to Use the Application
In the next tutorial, we will explore how to use the Java Active Directory SDK to enable an application to make a REST call to the Azure Resource Manager. However, we will need one piece of information. In various tutorials and code samples, there is reference to a Client ID. The Client ID, in this case, refers to the Client ID of the systemmanager application.
If you scroll towards the top of the systemmanager application page, you will see that the Client ID for thee newly created application is 0139a5ba-deda-4beb-8cb8-ed69222fb3fc.