3. Giving Access To Azure Key Vault

Prerequisites

  1. Registering the application in your tenant
  2. Selecting a Plan

Introduction

Enabling Azure Key Vault Certificate Automation requires EZCA to have access to your Key Vaults. EZCA needs the RBAC Reader role to verify that the user requesting the certificate has access to the Key Vault. The EZCA CA also requires an access policy with the following certificate permissions: Get, Update, and Create.

Adding Application to RBAC in Azure Portal

  1. Log in to https://portal.azure.com
  2. Navigate to the Key Vault you want EZCA to manage.
  3. Click on the Access control (IAM) menu option
  4. Click on Add
  5. Select the “Add Role Assignment” Option
  6. Select Reader role
  7. Click on Members
  8. Click on “Select Members”
  9. Select the Keytos Application
  10. Click the Select button
  11. Click the Review + assign button
  12. Click the Review + assign button

Adding Application to Access Policies in Azure Portal

  1. Log in to https://portal.azure.com
  2. Navigate to the Key Vault you want EZCA to manage.
  3. Click on the Access policies menu option
  4. Click on Add Access Policy
  5. Under Certificate permissions select: Get, Update, Create.
  6. Click on the “None selected” link to the right of Select Principal
  7. Click on the “None selected” link to the right of Select Principal
  8. Select the Keytos Application
  9. Click the Select button
  10. Click the Add button
  11. Click the Save button
  12. Your Azure Key Vault is ready to be managed by EZCA!
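
To confirm that the access policy saved in the steps above grants exactly the documented certificate permissions and nothing more, the following added example (not part of the Keytos documentation) audits a vault's access policy list. It assumes the list has been exported as JSON, for example with `az keyvault show --name <vault> --query properties.accessPolicies`; the object IDs and sample policies are constructed placeholders.

```python
import json

# Certificate permissions the page says EZCA needs in its access policy.
REQUIRED_CERT_PERMS = {"get", "update", "create"}


def audit_ezca_policy(access_policies, ezca_object_id):
    """Return findings for the EZCA principal; an empty list means the policy matches."""
    granted = {}
    found = False
    for entry in access_policies:
        if (entry.get("objectId") or "").lower() != ezca_object_id.lower():
            continue
        found = True
        # Permission lists can be null in the JSON; names are compared case-insensitively.
        for kind, perms in (entry.get("permissions") or {}).items():
            granted.setdefault(kind, set()).update(p.lower() for p in (perms or []))
    if not found:
        return ["no access policy for the EZCA principal"]
    findings = []
    certs = granted.pop("certificates", set())
    if REQUIRED_CERT_PERMS - certs:
        findings.append("missing certificate permissions: "
                        + ", ".join(sorted(REQUIRED_CERT_PERMS - certs)))
    if certs - REQUIRED_CERT_PERMS:
        findings.append("extra certificate permissions: "
                        + ", ".join(sorted(certs - REQUIRED_CERT_PERMS)))
    # Key, secret and storage permissions are not part of the documented set.
    for kind in sorted(granted):
        if granted[kind]:
            findings.append(f"unexpected {kind} permissions: "
                            + ", ".join(sorted(granted[kind])))
    return findings


# Constructed sample input (object IDs are placeholders, not real principals).
EZCA_ID = "00000000-0000-0000-0000-0000000000aa"
SAMPLE = json.loads("""[
  {"objectId": "00000000-0000-0000-0000-0000000000aa",
   "permissions": {"certificates": ["Get", "Update", "Create", "Delete"],
                   "secrets": ["get"], "keys": null}},
  {"objectId": "00000000-0000-0000-0000-0000000000bb",
   "permissions": {"certificates": ["get", "list"]}}
]""")

if __name__ == "__main__":
    for finding in audit_ezca_policy(SAMPLE, EZCA_ID) or ["policy matches the documented set"]:
        print(finding)
```

Replace `EZCA_ID` with the object ID of the Keytos application's service principal in your tenant before running it against a real export.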