# Connect Azure account

{% hint style="warning" %}
If you do not have access to create a subscription in Azure, we recommend **raising a ticket with your security team.**
{% endhint %}

**Summary:** Sedai currently supports Azure Virtual Machines, Managed Disks, [Databricks](#databricks-workspace-setup), and [Azure Kubernetes Service (AKS)](/get-started/onboarding/autonomous-cloud-management/connect-kubernetes-cluster.md).

You can integrate your Azure account either by [creating a new application in your account](#integrate-with-azure-client-credentials) or via [multi-tenant service principal](#integrate-with-multitenant-service-principal). These steps need to be repeated for each Azure account you want to connect to Sedai.

1. Set Up Azure AD Service Principal (Azure Portal)
   1. [Azure Client Credentials](#integrate-with-azure-client-credentials): Create a new application and provide the following information to connect to Sedai:
      * Subscription ID
      * Tenant ID
      * Client ID
      * Client Credentials
   2. [Multitenant Service Principal](#integrate-with-multi-tenant-service-principal): Use an application created in Sedai’s Azure account. Sedai will use your Client ID and Client Credentials from Sedai’s Azure account to access your APIs. You will need to create a new service principal using Sedai’s application and provide the following information to connect to Sedai:
      * Tenant ID
      * Client ID
2. Connect Azure integration to Sedai
   1. [VM, DISK, Blob, Kubernetes](#connect-azure-integration-to-sedai)
   2. [Databricks](#databricks)

<figure><img src="/files/EIeRekczo7qhcFVg6tTr" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Sedai connects to each Kubernetes cluster individually, so AKS clusters are displayed independently of their corresponding Azure account. To connect your AKS workloads, we recommend deploying [Sedai's Smart Agent](/get-started/onboarding/autonomous-cloud-management/connect-kubernetes-cluster/sedai-smart-agent.md) within your cluster, but you can also set them up with [agentless access](/get-started/onboarding/autonomous-cloud-management/connect-kubernetes-cluster/aks-agentless-setup.md).
{% endhint %}

***

### Set Up Azure AD Service Principal

{% hint style="info" %}
Note: In Sedai, each Subscription ID is treated as a unique Account. Therefore, you cannot add multiple Sedai accounts with identical Subscription ID and Tenant ID. If you have multiple resource groups under a single Subscription ID that require monitoring, adding that Subscription ID as a single Sedai account will meet your needs. This holds true whether you use Azure client credentials or a multitenant service principal.
{% endhint %}

Log in to your Azure portal and set up access using one of the following options:

* [Azure Client Credentials](#integrate-with-azure-client-credentials): Create a new application and provide the following information to connect to Sedai:
  * Subscription ID
  * Tenant ID
  * Client ID
  * Client Credentials
* [Multitenant Service Principal](#integrate-with-multi-tenant-service-principal): Use an application created in Sedai’s Azure account. Sedai will use your Client ID and Client Credentials from Sedai’s Azure account to access your APIs. You will need to create a new service principal using Sedai’s application and provide the following information to connect to Sedai:
  * Subscription ID
  * Tenant ID

Once completed, navigate to **<https://yourcompany.sedai.app>** and click Connect Cloud to integrate your account within Sedai.

### Integrate via Azure Client Credentials

In this approach, you will need to create and register a new single tenant application. (**Note:** Redirect URL is not required).

1. **Client & Tenant IDs:** Once the application is created, go to its Overview page and copy and save the Client ID and Tenant ID; you will paste these into Sedai’s UI momentarily.
2. **Subscription ID:** Navigate to Subscriptions and copy the Subscription ID.
3. **Secret Key:** Navigate to your new application and go to Certificates & secrets. Generate a new secret key and copy the value.
4. **Role Assignment at Subscription Level:** Next, navigate to Access control and create a new role assignment and select Monitor Reader for the Job function role. Assign access to User, group, or service principal and click Select members to attach your newly created application to the assignment.
5. **Role Assignment at Resource Group Level:** Next, navigate to Access control under the required resource group and create a new role assignment and select Monitor Reader for the Job function role. Assign access to User, group, or service principal and click Select members to attach your newly created application to the assignment.

***

### Integrate via Multitenant Service Principal

{% hint style="info" %}
If you're interested in using this approach, contact **<support@sedai.io>** to request an application hosted in Sedai's Azure account.
{% endhint %}

1. Create Service Principal: Contact our team to request an Application/Client ID.
2. Role Assignment: Navigate to Access control and create a new role assignment and select **Reader** for the Job function role. Assign access to **User, group, or service principal** and click **Select members** to attach Sedai’s application to the assignment.
3. Share Subscription & Tenant IDs with Sedai Team: Once you have created the new service principal and configured role assignment, copy the Subscription ID and Tenant ID and send them to our team who will complete setup within your Sedai environment.
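
The two integration paths above ask for different roles: Monitor Reader at subscription and resource-group scope for client credentials, and Reader for the multitenant service principal. The following is an added example, not Sedai's code, that audits the role assignments actually held by the application against what this page asks for. The sample data is constructed, the subscription IDs and resource-group names are placeholders, and subscription scope for the Reader role is an assumption because the page does not state the scope.

```python
# Role each integration path on this page asks for.
EXPECTED_ROLE = {"client_credentials": "Monitor Reader", "multitenant": "Reader"}

SUB = "00000000-0000-0000-0000-000000000001"  # constructed placeholder

# Constructed sample: the parsed JSON of
# `az role assignment list --assignee <client-id> --all -o json`,
# reduced to the two fields the audit needs.
SAMPLE = [
    {"roleDefinitionName": "Monitor Reader", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Monitor Reader",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-prod"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-prod"},
    {"roleDefinitionName": "Monitor Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
]


def audit(assignments, mode, subscription_id, resource_groups=()):
    """Return (finding, role, scope) tuples; an empty list means the
    grants match the page exactly."""
    expected = EXPECTED_ROLE[mode]
    sub = f"/subscriptions/{subscription_id}".lower()
    # Azure scope strings are case-insensitive, so compare lower-cased.
    allowed = {sub} | {f"{sub}/resourcegroups/{rg.lower()}" for rg in resource_groups}
    findings, granted = [], set()
    for a in assignments:
        role = a["roleDefinitionName"]
        scope = a["scope"].rstrip("/").lower()
        if role != expected:
            # Broader or unrelated role than the integration needs.
            findings.append(("unexpected-role", role, a["scope"]))
        elif scope not in allowed:
            # Right role, but on a subscription or group not being onboarded.
            findings.append(("unexpected-scope", role, a["scope"]))
        else:
            granted.add(scope)
    # Scopes the page requires but the application does not hold yet.
    for scope in sorted(allowed - granted):
        findings.append(("missing", expected, scope))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "client_credentials", SUB, ["rg-prod", "rg-dev"]):
        print(finding)
```

An `unexpected-role` or `unexpected-scope` finding is access beyond what the onboarding steps call for; a `missing` finding is a grant that still has to be created.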

***

### Databricks Workspace Setup

1. [Create Service Principal](#set-up-azure-a-d-service-principal) (SP)
2. Add Permissions to SP in Unity Catalog Metastore (Databricks Account Console)
   * Go to [accounts.cloud.databricks.com](https://accounts.cloud.databricks.com)
   * Click User management > Service principals
   * Select and add the Service Principal
3. Add permissions for the SP in the Databricks workspace
   * Settings > Identity and access
   * Groups (Add the SP to the ‘admins’ group)
   * System tables: Grant **SELECT** and **USE SCHEMA** to system.billing, system.compute

***

### Connect Azure resource to Sedai

#### VM, DISK, Blob, Kubernetes

1. Log in to your Sedai account and navigate to **Settings > Integrations**.
2. Select **Connect Cloud > Microsoft Azure**.
3. Select Resource types (either **VM, DISK, Blob** or **Kubernetes** resource).
4. Add Nickname for Account
5. Enter Azure Account Details
   * **Test Connection** to verify your connection works. If the connection fails, please double-check that you've entered the correct information in each field.
6. Connect a [monitoring data](/get-started/onboarding/autonomous-cloud-management/connect-monitoring-data.md) source.

{% hint style="info" %}
Since you can add multiple Azure accounts to Sedai, you will be asked to give your integration a unique nickname — this helps you easily identify resources within Sedai.
{% endhint %}

#### Databricks

1. Log in to your Sedai account and navigate to **Settings > Integrations**.
2. Select **Add Integration > Databricks Account > Azure Databricks Account**
3. Enter Azure Account details (nickname, subscriptionID) and select one of the following Onboarding Flows
   1. **Onboard Databricks Account:** *Faster, requires 'Account Admin' role in the Databricks account.* [*Required credentials*](#user-content-fn-1)[^1]
   2. **Onboard Databricks Workspace:** *Slower, each workspace has to be manually added and details such as have to be entered.* [*Required credentials*](#user-content-fn-2)[^2]
4. Configure SQL Warehouse Access: Choose one of the following:
   1. **Option 1:** Use Existing SQL Warehouse/Create a SQL Warehouse
      * Ensure it is Serverless
      * Recommended setting:
        * Cluster Size: X-Small
        * Autoscaling: 1-8
        * Assign the SP: **‘Can Manage’** permissions
   2. **Option 2:** Let Sedai Create a Warehouse
      * Serverless config:
        * Auto-stop after 10 minutes
        * Cluster Size: Small
        * Autoscaling: 1-8
      * SP needs:
        * **'Can Manage'** SQL Warehouse permission
        * **USE CATALOG** and **SELECT** on system schema
5. **Validation:** Click “Test Warehouse” to verify access.
6. Connect a [monitoring data](/get-started/onboarding/autonomous-cloud-management/connect-monitoring-data.md) source.

[^1]: * Account ID
    * Account Host URL
    * Tenant ID
    * Client ID
    * Client Secret

[^2]: * Account ID
    * Account Host URL
    * Tenant ID
    * Client ID
    * Client Secret
    * *Workspace ID*
    * *Workspace name*
    * *Region*
    * Pricing Tier

