Azure Integration
ops0 connects to Azure using subscription-level access through a service principal. After connecting, you can run discovery and deployment workflows against the selected subscription.
Adding the Integration
Navigate to Integrations
Go to Settings > Integrations > Add Integration.
Select Azure
Choose Azure from the provider list.
Enter Service Principal Details
Provide the subscription, tenant, client, and secret values.
Connect
Click Connect to verify the integration.
Integration Fields
| Field | Required | Description |
|---|---|---|
| Name | Yes | Integration name |
| Subscription ID | Yes | Azure subscription |
| Tenant ID | Yes | Microsoft Entra tenant ID |
| Client ID | Yes | App registration client ID |
| Client Secret | Yes | Secret for the app registration |
Creating the Service Principal
Use the Azure CLI to create a service principal with a role assignment scoped to the subscription:
az ad sp create-for-rbac \
--name "ops0-integration" \
--role Contributor \
--scopes /subscriptions/YOUR_SUBSCRIPTION_ID
Copy the output values into the integration form in brew.ops0.ai.
Access Model
| Scope | Description |
|---|---|
| Subscription | Manage or discover resources across the selected subscription |
| Role Assignment | Controls whether ops0 can read only or also deploy changes |
Use the smallest possible role and scope. If discovery is the only goal, don’t give the integration full contributor access.
Troubleshooting
Authentication Failed
Check that the tenant ID, client ID, and secret all belong to the same app registration.
Subscription Not Found
Make sure the service principal has access to the target subscription.
Insufficient Permissions
Review the assigned Azure role and scope for the service principal.