Secfix

Integrating your cloud infrastructure with Secfix is a pivotal step in your certification journey. To help you navigate this process smoothly, we’ve laid out this manual that guides you through connecting your Microsoft Azure account to Secfix. Let’s get started! 🚀

💡 You will need to be an Azure Organization Administrator or Global Administrator at the tenant level to authenticate the integration. You can check your role permissions by following the steps in <a href="https://www.loom.com/share/33ad40d3252b44d59d9402d264082d89" rel="nofollow noopener noreferrer" target="_blank">this guide</a>.

💡Secfix currently only supports Azure Global Cloud (default option). If you need to connect your Government Cloud subscription, contact your CSM.

To begin, head to the Connections page in your Secfix dashboard. In the Cloud Infrastructure Providers section click Connect next to Microsoft Azure.

___________________________________________________________

💡Connect an Azure Subscription ID that contains your production environment resources. If you have multiple subscriptions, each must be connected individually.

Go to <a href="https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade" rel="nofollow noopener noreferrer" target="_blank">this page</a> and copy your subscription ID.

1. Go to <a href="https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade" rel="nofollow noopener noreferrer" target="_blank">this page</a> and copy your subscription ID.
2. Paste it into Secfix.

Step 2: Create Secfix app and role

Go to the <a href="https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fportal.azure.com%2Fsignin%2Findex%2F&amp;response_type=code%20id_token&amp;scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&amp;state=OpenIdConnect.AuthenticationProperties%3DBfM5seUY56PF2dR9EgHDfSCANIGkf_h7PPiNPABqL8e6KEZh84x5118TfWdxXlDfKHlEBtAN0CQyGXijoq0O40ajgC_giimUrQ_MMj9q5b9gdUA2aHhXYq6qv7SYr0cGoNfMErcxl4NEzZDOwKMnn1gsO5uWOwXCwV0MzGkP8DXVr_l9uc84rb3XfCvWeXaFczIRs12NyZIPwCm10d_8tzPMDQUnr3UX8tIe5hylh0RLSivu82rnp5i20NKZ1ihfU3ADg8mLu7D8JeLY686pZ07HZuHRnboJ3icN7lJwzjtliCipwhdvvUddmEUTg3Hd0pJsWBF4FfpT0GV_8u8-snaH_XxbRpJVLjRcHacBABR58TZKwL6HK_pe3VuCJJE3WqlNLQuP5HKzeviSWGtXoTLq4JeoQXyhi22JEPgdU36RxFac91VYy9ki9cciW251fz7IfVnv-l1qVc8I2Vu3VKpJCVHkMX0I-S-PW0KXBU4&amp;response_mode=form_post&amp;nonce=638633055122349388.OGUzZTNhMTAtZmNlMC00ZjU4LTk0N2UtZTIyNWMyZTEwNGQ0ZmQ3ZjUyMjgtMjNkYi00NWY1LWJhMDUtMzNhOTkxM2E0ZDFl&amp;client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&amp;site_id=501430&amp;client-request-id=09d163cd-b814-4e34-9c5e-36e6e3cdad3d&amp;x-client-SKU=ID_NET472&amp;x-client-ver=7.5.0.0&amp;sso_reload=true" rel="nofollow noopener noreferrer" target="_blank">Azure Portal</a> and activate Cloud Shell.

Switch Cloud Shell from PowerShell to Bash.

Run the following command in Bash to download the Secfix Azure Subscription Connection script:

wget https://staging.secfix.com/assets/provision/secfix-azure-subscription-connection.sh

💡To run the script, you must have either Organization Administrator or Global Administrator access at the tenant level in Azure. ​

Run the following command in Cloud Shell to generate credentials:

bash ./secfix-azure-subscription-connection.sh {subscription id}

Once the script finishes, copy and paste the output values into the corresponding fields:

1. Go to the <a href="https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?redirect_uri=https%3A%2F%2Fportal.azure.com%2Fsignin%2Findex%2F&amp;response_type=code%20id_token&amp;scope=https%3A%2F%2Fmanagement.core.windows.net%2F%2Fuser_impersonation%20openid%20email%20profile&amp;state=OpenIdConnect.AuthenticationProperties%3DBfM5seUY56PF2dR9EgHDfSCANIGkf_h7PPiNPABqL8e6KEZh84x5118TfWdxXlDfKHlEBtAN0CQyGXijoq0O40ajgC_giimUrQ_MMj9q5b9gdUA2aHhXYq6qv7SYr0cGoNfMErcxl4NEzZDOwKMnn1gsO5uWOwXCwV0MzGkP8DXVr_l9uc84rb3XfCvWeXaFczIRs12NyZIPwCm10d_8tzPMDQUnr3UX8tIe5hylh0RLSivu82rnp5i20NKZ1ihfU3ADg8mLu7D8JeLY686pZ07HZuHRnboJ3icN7lJwzjtliCipwhdvvUddmEUTg3Hd0pJsWBF4FfpT0GV_8u8-snaH_XxbRpJVLjRcHacBABR58TZKwL6HK_pe3VuCJJE3WqlNLQuP5HKzeviSWGtXoTLq4JeoQXyhi22JEPgdU36RxFac91VYy9ki9cciW251fz7IfVnv-l1qVc8I2Vu3VKpJCVHkMX0I-S-PW0KXBU4&amp;response_mode=form_post&amp;nonce=638633055122349388.OGUzZTNhMTAtZmNlMC00ZjU4LTk0N2UtZTIyNWMyZTEwNGQ0ZmQ3ZjUyMjgtMjNkYi00NWY1LWJhMDUtMzNhOTkxM2E0ZDFl&amp;client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&amp;site_id=501430&amp;client-request-id=09d163cd-b814-4e34-9c5e-36e6e3cdad3d&amp;x-client-SKU=ID_NET472&amp;x-client-ver=7.5.0.0&amp;sso_reload=true" rel="nofollow noopener noreferrer" target="_blank">Azure Portal</a> and activate Cloud Shell.
2. Switch Cloud Shell from PowerShell to Bash.
3. Run the following command in Bash to download the Secfix Azure Subscription Connection script:
 wget https://staging.secfix.com/assets/provision/secfix-azure-subscription-connection.sh
 
 💡To run the script, you must have either Organization Administrator or Global Administrator access at the tenant level in Azure. ​
4. Run the following command in Cloud Shell to generate credentials:
 bash ./secfix-azure-subscription-connection.sh {subscription id}
 
5. Once the script finishes, copy and paste the output values into the corresponding fields:

- App ID
- App Secret
- Tenant ID

Step 3: Completing the Integration

Your Secfix-Azure integration should now be complete! 🎉

Double-check that the necessary permissions and role assignments were granted.

- Ensure the Subscription ID is correct.
- Double-check that the necessary permissions and role assignments were granted.

Step 1: Specify subscription ID

Step 2: Create Secfix app and role

Step 3: Completing the Integration

Troubleshooting and Support