Azure CSP Partner Consent
Accounts > Azure CSPs
You can obtain partner consent by either entering the required information while adding an Azure CSP in Kion, or you can generate a link to send to your partner so they can enter the information themselves.
Adding Application Information to the Partner Consent Form
This information is required whether you enter it while adding the CSP or through the partner consent link.
1. Create a service user
- Sign in to the Azure Portal (https://portal.azure.com for commercial or https://portal.azure.us for Gov) using credentials for your (the CSP Partner's) Azure Tenant.
- Navigate to Microsoft Entra ID.
- Copy the Microsoft Entra ID domain name and paste it into the Partner Domain Name field in the Kion Partner Consent page.
- In the Azure Portal, navigate to Users > New User.
- Enter a user name and friendly name for the user.
- Select Auto-Generate Password.
- Click Show Password.
- Copy the temporary password to notepad or a word document for later use.
- Under Groups and Roles, click the User link.
- Search for and select billing administrator.
- Click Create.
- Sign in to the Azure Portal as the new user and set a new password.
2. Verify the service user
- Sign in to the Microsoft Partner Center using admin credentials.
- Navigate to Settings > User Management.
- Select the new service user from the list.
- Under Roles and Permissions, it should show that the service user manages your organization's account as a billing admin.
3. Create an app registration
- In the Azure Portal, navigate to App Registrations > New Registration.
- Enter a name for the registration.
- Enter a redirect URL. For example,
https://YOURKionDOMAINHERE:443/api/v3/azure-csp/complete-service-account-registration
. - Copy the App Registration (client) ID and paste it into the Application Registration ID field in the Kion Partner Consent page.
- Navigate to Certificates and Secrets > New Client Secret.
- Set the client secret to never expire.
- Copy the client secret and paste it into the Application Client Secret field in the Kion Partner Consent page.
4. Grant the app permissions
- In the Azure Portal, navigate to API Permissions > Add a Permission.
- Select Microsoft Entra ID.
- Select the following delegated permissions:
- Directory.AccessAsUser.All
- User.Read
- Click Add Permissions.
- Navigate to API Permissions > Add a Permission.
- Under APIs My Organization Uses, find Microsoft Partner Center.
- Select the following delegated permissions:
- user_impersonation
- Click Add Permissions.
- Click Grant Admin Consent.
5. Register the app in Microsoft Partner Center
- Sign in to the Microsoft Partner Center.
- Navigate to Settings > Partner Settings > App Management.
- Under Web App, click Register Existing App.
- Select the web app you created in Azure and click Register Your App.
- Click Provide Admin Consent.
- Review and accept the permissions requested Microsoft dialog. When you accept, Azure redirects you to your app's return URI. Depending on your app, this may result in an error. If you receive an error, the app has still been granted consent. There is no further action required.