This post was authored by Lavanya Krishnan, Sr. Program Manager, System Center & Services.
Over the last month, in the blog series tour of Microsoft Operations Management Suite (OMS), we described how IT automation enables both process and configuration automation. We also explored the need for continuous IT services and how to achieve improved SLAs with IT automation. Today, we will outline the methods of authentication in OMS Automation and highlight how we have automated the creation and setup of the authentication assets required for automation. By simplifying authentication, we’ve made it easier for you to get started.
If you are an existing OMS customer, you already know that when you start OMS Automation for the first time, you need to provide authentication to your Azure subscription to be able to access Azure resources from Automation runbooks.
In OMS Automation, this can be accomplished in different ways:
- User Credentials (User Principal): Through an organizational account in Azure Active Directory that you configure as an administrator for your subscription. In this case, you have to create a credential for the user account and use it with Add-AzureAccount in your runbook.
- Azure Run As Account (Service Principal): You can make use of the new feature recently implemented – a default Azure Run As Account that is created for you at the time of automation account creation (also referred to as the Service Principal). This is a certificate-based authentication alternative to passwords enabling robust access control to Azure resources via the Azure cmdlets.
The new Azure Run As account auto-creation feature gives you another option. Now, when you create an Automation account in the Azure portal, if you so choose, we will automatically create a new service principal on your behalf, assign it the Contributor role for the current Azure subscription you are logged in to, and populate assets and a sample runbook in the Automation account. You can then immediately manage Azure resources. This greatly simplifies the process of building and deploying runbooks to support your automation needs, since manual creation and setup of an authentication asset is no longer required. You now have granular access control for automation users using certificates instead of passwords. For step-by-step instructions on how to create a new Automation account or to update an existing Automation account so that it gets an Azure Run As account, please refer to the documentation article, Authenticate Runbooks with Azure Run As account.
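A runbook that signs in with the Run As account's certificate and then reports which roles that service principal holds, flagging the subscription-wide Contributor assignment described above. This is an added example, not the sample runbook the portal creates; it assumes the AzureRM modules and that the connection asset has the name `AzureRunAsConnection`, which is not stated in this post.

```powershell
# Added example. Runs inside an Azure Automation runbook, where
# Get-AutomationConnection is available.
$ErrorActionPreference = 'Stop'

# Assumption: name of the connection asset created with the Run As account.
$connectionName = 'AzureRunAsConnection'
$conn = Get-AutomationConnection -Name $connectionName
if (-not $conn) {
    throw "Connection asset '$connectionName' was not found in this Automation account."
}

# Certificate-based sign-in as the service principal. No password is stored
# in the runbook or passed on the command line.
Add-AzureRmAccount -ServicePrincipal `
    -TenantId $conn.TenantId `
    -ApplicationId $conn.ApplicationId `
    -CertificateThumbprint $conn.CertificateThumbprint | Out-Null
Select-AzureRmSubscription -SubscriptionId $conn.SubscriptionId | Out-Null

# Report the roles this identity holds so that broad grants are visible in
# the job output every time the runbook runs.
$subscriptionScope = "/subscriptions/$($conn.SubscriptionId)"
try {
    $assignments = Get-AzureRmRoleAssignment -ServicePrincipalName $conn.ApplicationId
    foreach ($a in $assignments) {
        Write-Output ("Role '{0}' at scope {1}" -f $a.RoleDefinitionName, $a.Scope)
        if ($a.RoleDefinitionName -in 'Owner', 'Contributor' -and
            $a.Scope -eq $subscriptionScope) {
            Write-Warning ("Run As account holds '{0}' on the whole subscription; " +
                "consider a narrower role or scope for this runbook." -f $a.RoleDefinitionName)
        }
    }
}
catch {
    # The service principal may not be permitted to read its own assignments.
    Write-Warning "Could not read role assignments as this identity: $($_.Exception.Message)"
}
```

If the role lookup fails under the service principal, a subscription administrator can run the same `Get-AzureRmRoleAssignment` call from an interactive session.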
The user credentials method of authentication has been available to you for some time now. The blog post, Azure Automation: Authenticating to Azure using Azure Active Directory, describes this method in detail.
Getting started with automation has big benefits, and we’re working all the time to make that easier. If you’re new to OMS Automation, learn more about the service here, and follow us on Twitter for the latest news.