diff --git a/themes/default/content/docs/pulumi-cloud/oidc/azure.md b/themes/default/content/docs/pulumi-cloud/oidc/azure.md index d39864a22f1..4d67af8ae35 100644 --- a/themes/default/content/docs/pulumi-cloud/oidc/azure.md +++ b/themes/default/content/docs/pulumi-cloud/oidc/azure.md @@ -37,9 +37,9 @@ In the navigation pane of the [Microsoft Entra console](https://portal.azure.com After the Microsoft Entra App has been created, take note of the following details: -* subscription ID +* Subscription ID * Application (client) ID -* Directory (tenant) ID. +* Directory (tenant) ID These values will be necessary when enabling OIDC for your service. 
@@ -78,6 +78,20 @@ The below is an example of a valid subject claim for the `development` environme You can learn more about setting up OIDC for Pulumi ESC by referring to the [relevant Pulumi documentation](/docs/pulumi-cloud/esc/providers/#setting-up-oidc). +## Create a Service Principal + +To provide Pulumi services the ability to deploy, manage, and interact with Azure resources, you need to associate your Microsoft Entra application with your Subscription or Resource Group. + +1. Navigate to the [Subscriptions](https://portal.azure.com/#view/Microsoft_Azure_Billing/SubscriptionsBladeV1) page of the Azure portal. +2. Select the subscription to create the service principal in. + * If you want to limit access to a specific resource group, go to the [Resource Groups](https://portal.azure.com/#view/HubsExtension/BrowseResourceGroups) page instead and select the desired resource group. +3. In the left navigation menu, select **Access control (IAM)**. +4. Click **Add** > **Add role assignment** to be taken to the **Add role assignment** wizard. +5. Under the **Job function roles** tab, select the desired role from the list, then click **Next**. +6. Select **User, group, or service principal**, then click **Select members** +7. Enter the name of the application you created in a previous step, select it from the list, then click **Select**. +8. Click **Next** and then **Review + assign**. + ## Configure OIDC in the Pulumi Console ### Pulumi Deployments
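Review bot: In the second hunk, step 5 of the new "Create a Service Principal" section says only "select the desired role from the list", with no guidance on which role to pick. This assignment determines what Pulumi services can do in Azure once they authenticate, so suggest adding a sentence that tells readers to choose the narrowest role their deployments need, and to prefer the resource group scope mentioned under step 2 over the whole subscription where that is enough. The heading and step 2 ("Select the subscription to create the service principal in") talk about creating a service principal, but steps 3 to 8 add a role assignment for the application created earlier; wording such as "Select the subscription to grant access to" would match what the reader actually does. Two smaller points: step 6 ends without a period ("click **Select members**") while every other step has one, and "in a previous step" in step 7 could link to the section where the Microsoft Entra application is created.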