Skip to main content
This guide provides step-by-step instructions on how to create an app registration in Azure and assign the necessary roles for monitoring and cost management. It covers creating the app, generating a client secret, and assigning the Cost Management Reader and Monitoring Reader roles to ensure proper access and functionality.

Steps to Create App Registration and Assign Roles in Azure

1. Log in to Azure Portal

2. Create App Registration

  • Navigate to Azure Active Directory in the left-hand menu.
  • Click on App registrations.
  • Click New registration.
  • Provide a name for the app, e.g., “Wiv”.
  • Under Supported account types, select the appropriate option based on your needs (e.g., single tenant or multi-tenant).
  • Click Register.

3. Note Down Application (client) ID and Directory (tenant) ID

  • After registration, you will be redirected to the app’s overview page.
  • Note down the Application (client) ID and Directory (tenant) ID; you will need these later.

4. Generate Client Secret

  • In the left-hand menu, click on Certificates & secrets.
  • Click New client secret.
  • Provide a description and select an expiration period.
  • Click Add.
  • Important: Note down the client secret value immediately as it will be shown only once.

5. Assign Roles to the App

  • Navigate to Subscriptions in the left-hand menu.
  • Select your subscription.
  • Click on Access control (IAM).
To assign Cost Management Reader Role:
  • Click Add > Add role assignment.
  • In the Role tab, search for and select Cost Management Reader.
  • Click Next.
  • Select User, group, or service principal.
  • Click + Select members.
  • Search for your app registration by name and select it.
  • Click Select.
  • Click Review + assign.
To assign Monitoring Reader Role:
  • Click Add > Add role assignment again.
  • In the Role tab, search for and select Monitoring Reader.
  • Click Next.
  • Select User, group, or service principal.
  • Click + Select members.
  • Search for your app registration by name and select it.
  • Click Select.
  • Click Review + assign.

6. Verify Role Assignments

  • Stay in the subscription’s Access control (IAM) section.
  • Click on the Role assignments tab.
  • Filter by your app name to confirm both roles are assigned correctly.

7. Configure API Permissions (Optional)

  • Navigate back to Azure Active Directory > App registrations.
  • Select your app.
  • Go to API permissions in the left-hand menu.
  • Add any additional API permissions required for your monitoring solution (if needed).
  • Note: Role assignments (RBAC) do not appear here; they are managed through IAM.

Important Notes

  • Keep the client secret secure and store it in a safe location.
  • The client secret has an expiration date; plan for rotation before it expires.
  • Role assignments may take a few minutes to propagate across Azure services.
  • Ensure you have the necessary permissions to create app registrations and assign roles in your Azure subscription.