search

Connect Azure account

Securely connect your Microsoft Azure account to Sedai's autonomous cloud platform.

circle-exclamation

If you do not have access to create a subscription in Azure, we recommend raising a ticket with your security team.

Summary: Sedai currently supports Azure Virtual Machines, Managed Disks, Databricks, and Azure Kubernetes Service (AKS).

You can integrate your Azure account either by creating a new application in your account or via multi-tenant service principal. These steps need to be repeated for each Azure account you want to connect to Sedai.

  1. Set Up Azure AD Service Principal (Azure Portal)

    1. Azure Client Credentials: Create a new application and provide the following information to connect to Sedai:

      • Subscription ID

      • Tenant ID

      • Client ID

      • Client Credentials

    2. Multitenant Service Principal: Use an application created in Sedai’s Azure account. Sedai will use your Client ID and Client Credentials from Sedai’s Azure account to access your APIs. You will need to create a new service principal using Sedai’s application and provide the following information to connect to Sedai:

      • Tenant ID

      • Client ID

  2. Connect Azure integration to Sedai

    1. VM, DISK, Blob, Kubernetes

    2. Databricks

circle-info

Sedai individually connects to Kubernetes clusters, so AKS clusters are displayed independent of their corresponding Azure account. To connect your AKS workloads, we recommend deploying Sedai's Smart Agent within your cluster, but you can also setup with agentless access.

hashtag
Set Up Azure AD Service Principal

circle-info

Note: In Sedai, each Subscription ID is treated as a unique Account. Therefore, you cannot add multiple Sedai accounts with identical Subscription ID and Tenant ID. If you have multiple resource groups under a single Subscription ID that require monitoring, adding that Subscription ID as a single Sedai account will meet your needs. This holds true while using Azure client credentials or Multi tenant service principal.

Log in to your Azure portal and setup access using one of the following options:

  • Azure Client Credentials: Create a new application and provide the following information to connect to Sedai: – Subscription ID

    – Tenant ID – Client ID – Client Credentials

  • Multitenant Service Principal: Use an application created in Sedai’s Azure account. Sedai will use your Client ID and Client Credentials from Sedai’s Azure account to access your APIs. You will need to create a new service principal using Sedai’s application and provide the following information to connect to Sedai: – Subscription ID – Tenant ID

Once completed, navigate to https://yourcompany.sedai.app and click Connect Cloud to integrate your account within Sedai.

hashtag
Integrate via Azure Client Credentials

In this approach, you will need to create and register a new single tenant application. (Note: Redirect URL is not required).

  1. Client & Tenant IDs: Once application is created, go to its Overview page and copy and save the Client ID and Tenant ID; you will paste these into Sedai’s UI momentarily.

  2. Subscription ID: Navigate to Subscriptions and copy the Subscription ID.

  3. Secret Key: Navigate to your new application and go to Certificates & secrets. Generate a new secret key and copy the value.

  4. Role Assignment at Subscription Level: Next, navigate to Access control and create a new role assignment and select Monitor Reader for the Job function role. Assign access to User, group, or service principal and click Select members to attach your newly created application to the assignment.

  5. Role Assignment at Resource Group Level. Next, navigate to Access control under the required resource group and create a new role assignment and select Monitor Reader for the Job function role. Assign access to User, group, or service principal and click Select members to attach your newly created application to the assignment. Add role assignment in resource group Select Monitor Reader

hashtag
Integrate via Multitenant Service Principal

circle-info

If you're interested in using this approach, contact [email protected] to request an application hosted in Sedai's Azure account.

  1. Create Service Principal: Contact our team to request an Application/Client ID.

  2. Role Assignment: Navigate to Access control and create a new role assignment and select Reader for the Job function role. Assign access to User, group, or service principal and click Select members to attach Sedai’s application to the assignment.

  3. Share Subscription & Tenant IDs with Sedai Team: Once you have created the new service principal and configured role assignment, copy the Subscription ID and Tenant ID and send them to our team who will complete setup within your Sedai environment.

hashtag
Databricks Workspace Setup

  1. Create Service Principle (SP)

  2. Add Permissions to SP in Unity Catalog Metastore (Databricks Account Console)

  3. Add permissions for the SP in the Databricks workspace

    • Settings > Identity and access

    • Groups (Add the SP to the ‘admins’ group)

    • System tables: Grant SELECT and USE SCHEMA to system.billing, system.compute

hashtag
Connect Azure resource to Sedai

hashtag
VM, DISK, Blob, Kubernetes

  1. Log in to your Sedai account and navigate to Settings > Integrations.

  2. Select Connect Cloud > Microsoft Azure

  3. Select Resource types (either VM, DISK, Blob or Kubernetes resource.

  4. Add Nickname for Account

  5. Enter Azure Account Details

    • Test Connection to verify your connection works. If the connection fails, please double-check that you've entered the correct information in each field.

  6. Connect a monitoring data source.

circle-info

Since you can add multiple Azure accounts to Sedai, you will be asked to give your integration a unique nickname — this helps you easily identify resources within Sedai.

hashtag
Databricks

  1. Log in to your Sedai account and navigate to Settings > Integrations.

  2. Select Add Integration > Databricks Account > Azure Databricks Account

  3. Enter Azure Account details (nickname,subscriptionID) and select one of the following Onboarding Flows

    1. Onboard Databricks Account: Faster, requires 'Account Admin' role in the databricks account. Required credentials

    2. Onboard Databricks Workspace: Slower, each workspace has to be manually added and details such as have to be entered. Required credentials

  4. Configure SQL Warehouse Access: Choose one of the following:

    1. Option 1: Use Existing SQL Warehouse/Create a SQL Warehouse

      • Ensure it is Serverless

      • Recommended setting:

        • Cluster Size: X-Small

        • Autoscaling: 1-8

        • Assign the SP: ‘Can Manage’ permissions

    2. Option 2: Let Sedai Create a Warehouse

      • Serverless config:

        • Auto-stop after 10 minutes

        • Cluster Size: Small

        • Autoscaling: 1-8

      • SP needs:

        • 'Can Manage' SQL Warehouse permission

        • USE CATALOG and SELECT on system schema

  5. Validation: Click “Test Warehouse” to verify access.

  6. Connect a monitoring data source.

Last updated

Was this helpful?