openshift-docs/modules/zero-trust-manager-configure-azure.adoc

// Module included in the following assemblies:
//
// * security/zero_trust_workload_identity_manageer/zero-trust-manager-oidc-federation.adoc

:_mod-docs-content-type: PROCEDURE
[id="zero-trust-manager-configure-azure_{context}"]
= Using Entra ID with {azure-first}

After the Entra ID configuration is complete, you can set up Entra ID to work with {azure-short}.

.Prerequisites

* You have configured the SPIRE OIDC Discovery Provider Route to serve the TLS certificates from a publicly trusted CA.

.Procedure

. Log in to Azure by running the following command:
+
[source,terminal]
----
$ az login
----

. Configure variables for your Azure subscription and tenant by running the following commands:
+
[source,terminal]
----
$ export SUBSCRIPTION_ID=$(az account list --query "[?isDefault].id" -o tsv) <1>
----
+
[source,terminal]
----
$ export TENANT_ID=$(az account list --query "[?isDefault].tenantId" -o tsv) <2>
----
+
[source,terminal]
----
$ export LOCATION=centralus <3>
----
+
<1> Your unique subscription identifier.
<2> The ID for your Azure Active Directory instance.
<3> The Azure region where your resource is created.

. Define resource variable names by running the following commands:
+
[source,terminal]
----
$ export NAME=ztwim <1>
----
+
[source,terminal]
----
$ export RESOURCE_GROUP="${NAME}-rg" <2>
----
+
[source,terminal]
----
$ export STORAGE_ACCOUNT="${NAME}storage" <3>
----
+
[source,terminal]
----
$ export STORAGE_CONTAINER="${NAME}storagecontainer" <4>
----
+
[source,terminal]
----
$ export USER_ASSIGNED_IDENTITY_NAME="${NAME}-identity" <5>
----
+
<1> A base name for all resources.
<2> The name of the resource group.
<3> The name for the storage account.
<4> The name for the storage container.
<5> The name for a managed identity.

. Create the resource group by running the following command:
+
[source,terminal]
----
$ az group create \
  --name "${RESOURCE_GROUP}" \
  --location "${LOCATION}"
----