Getting Started with Azure: Assigning Reader Role & Preparing for Security Review

Create an Azure AD Service Principal

To streamline the review process, it would be helpful to create a Service Principal and provide the following:

You can create a Service Principal using the Azure CLI:

az ad sp create-for-rbac --name "<sp-name>" --scopes /subscriptions/<subscription-id>

for more info please follow the official documentation of azure: here

To assign the Reader and Global Reader role to a user in Azure using the Azure Portal, follow these steps:

Go to the Azure Portal and sign in.
Use the search bar at the top to search for Subscriptions.
Select the subscription to which you want to grant access.
In the left-hand menu, click on Access control (IAM).
Click on the + Add button at the top and choose Add role assignment.
In the Role dropdown, choose Reader and Global Reader roles.
In the Assign access to dropdown, select User, group, or service principal.
Choose the correct Service principal and user from the list of suggestions.
Click on Save to assign the role.

After these steps, the selected user and service principal will have read-only access to the subscription.

Copy the following values for the service principal created above and add them to astra dashboard
Application (Client) ID – Unique ID of the service principal
Tenant (Directory) ID – Azure AD tenant where the service principal is created
Client Secret – A generated secret in Azure AD
Subscription ID - Unique ID of the subscription in which service principal is created

Updated on: 07/04/2025