Overview
This guide outlines how to create an Azure App Registration and assign the appropriate IAM permissions so that Domotz custom drivers can authenticate and collect data from Azure services such as:
- Virtual Machines
- Virtual Machine Scale Sets
- Storage Accounts
- Metrics via Azure Monitor
Prerequisites
- Access to the Azure Portal with appropriate privileges
- Subscription Owner or User Access Administrator role
- Domotz agent or environment ready to store ‘Tenant ID’, ‘Client ID’, and ‘Client Secret’
- Optional: Familiarity with Azure AD App Registrations and IAM
Step-by-Step Instructions
1. Create an App Registration
- Navigate to Microsoft Entra ID → App registrations
- Click “Add App Registration”
- Set the following:
  - Name: e.g. ‘domotz-automation’
  - Supported account type: ‘Accounts in this organizational directory only (Single tenant)’ (required)
  - Redirect URI: leave blank or use `https://localhost` (optional)
- Click Register.



2. Create a Client Secret
- Inside the App, navigate to Certificates & secrets
- Under “Client secrets” click New client secret
- Enter a description and set expiration
- Click Add
- Copy the Value immediately and store it securely — it will not be shown again.


3. Note Key Identifiers
- Tenant ID: Found under Microsoft Entra ID → App Registrations → All Applications
- Client ID: Found on the App Registration Overview page
- Client Secret: Copied in the previous step
You’ll need these values in Domotz driver parameters.

4. Assign IAM Roles to the App
- Navigate to Subscriptions → Select your subscription
- Go to Access control (IAM) → Add role assignment
- Select Reader role → Next
- Assign to → User, group, or service principal
- Find your registered App (e.g. ‘domotz-automation’) and assign the role.
- Optional (if metrics are restricted): Add Monitoring Reader role the same way.
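
A pre-flight check for the values from steps 2 to 4, added here as an example (it is not part of Domotz's driver code). It assumes the Microsoft identity platform client-credentials token endpoint and the Azure Resource Manager subscription list call with api-version 2020-01-01; the function names are illustrative.

```python
import json
import re
import urllib.parse
import urllib.request

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
ARM = "https://management.azure.com"  # Azure Resource Manager endpoint


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth 2.0 client-credentials grant."""
    for name, value in (("Tenant ID", tenant_id), ("Client ID", client_id)):
        if not GUID.match(value):
            raise ValueError(f"{name} is not a GUID: check the value copied in step 3")
    if GUID.match(client_secret):
        # The portal lists a GUID "Secret ID" next to the secret "Value";
        # only the Value authenticates.
        raise ValueError("Client Secret looks like a Secret ID, not the secret Value")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": f"{ARM}/.default"}
    return url, urllib.parse.urlencode(form).encode()


def visible_subscriptions(listing):
    """Subscription IDs (lower-cased) in an ARM 'list subscriptions' response."""
    return [s["subscriptionId"].lower() for s in listing.get("value", [])]


def check_access(tenant_id, client_id, client_secret, subscription_id):
    """Live check (needs network): can the app read the subscription from step 4?"""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=15) as r:
        token = json.load(r)["access_token"]
    req = urllib.request.Request(f"{ARM}/subscriptions?api-version=2020-01-01",
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=15) as r:
        return subscription_id.lower() in visible_subscriptions(json.load(r))


if __name__ == "__main__":
    # Constructed values for an offline dry run; check_access() needs real ones.
    url, _ = build_token_request("11111111-2222-3333-4444-555555555555",
                                 "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                                 "constructed-secret-value")
    print("token endpoint:", url)
```

When running `check_access` against a real tenant, read the client secret from an environment variable or secret store rather than writing it into the script. A `False` result with a valid token means the Reader assignment on that subscription is missing or has not propagated yet.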




