LogoLogo
Contact Us
  • Finout Documentation
  • Get Started with Finout
    • Introduction to Finout's Suite of Features
    • Onboarding New Users to Your Finout Account
    • Single Sign-On (SSO) Setup
    • Enterprise Discount Program (EDP)
    • Cost and Usage Types
      • FairShare Cost
      • List Cost
  • Integrations
    • Cloud Services
      • Connect to AWS
      • Connect to Azure
      • Connect to Oracle
      • Connect to GCP
    • Third Party
      • Connect to Confluent
      • Connect to Databricks
      • Connect to Snowflake
      • Connect to Jira
      • Connect to Datadog
        • Datadog API Cost Calculation
        • Datadog Integration Levels
        • Datadog Usage Attribution Tags (UAT)
      • Connect to Microsoft Teams
      • Connect to ServiceNow
      • Custom Cost Centers
      • Credentials Vault
    • Telemetry
      • S3 Telemetry Integration
      • Setting Up a Datadog - Finout Metrics Integration (Export)
    • Kubernetes
      • Connect to Kubernetes Prometheus
      • Kubernetes - How Finout Calculates K8s Costs
      • Kubernetes MegaBill
      • Kubernetes Budgeting
      • Kubernetes Anomaly Detection
      • Kubernetes Custom Dashboards
      • Kubernetes Predefined Dashboards
      • Ensure Compatibility of Your Kubernetes Monitoring with Finout
  • User Guide
    • Inform
      • MegaBill
      • Custom Drilldown
      • Custom Cost Input
      • Virtual Tags
        • Relational Virtual Tags
      • Shared Cost Reallocation
        • How to Use Shared Cost Reallocation
      • FinOps Dashboards
      • Financial Plans
      • Data Explorer
    • Optimize
      • My Commitments
      • Commitments Log
      • Anomalies
      • CostGuard
        • CostGuard - Scans
        • Connect CostGuard for AWS
        • Connect CostGuard for GCP
    • Operate
      • Reports
      • Tag Governance
  • Configuration
    • Finout API
      • Generate an API Token
      • Filter Object Definition
      • Cost API
      • Query Language API
      • Virtual Tags API
      • CostGuard API
      • Endpoint API
      • Virtual Tag Metadata API
    • Role-Based Access Control (RBAC)
      • Role Permissions
      • Managing Roles
        • Creating a Custom Role
        • Permissions List
        • Managing a Role and its Permissions
      • Managing Users
        • Inviting a User
        • Edit a User's Roles
      • Data Access Control
      • Groups
        • Create a New Group
        • Edit Group Data Access
        • Delete a group
        • Edit Group Users and SAML Groups
      • RBAC FAQs
    • Endpoints
      • Slack Notification Endpoint
  • Common Features
    • List of Common Features
      • ACL Permissions
      • Saved Views
Powered by GitBook

Still need help? Please feel free to reach out to our team at support@finout.io.

On this page
  • Azure Integration Overview
  • 1. Create a Service Principal for Finout
  • 2. Create the Billing Export
  • 3. Grant Finout Read-Only Permission from the Export Storage
  • 4. Integrate Azure with Finout
Export as PDF
  1. Integrations
  2. Cloud Services

Connect to Azure

PreviousConnect to AWSNextConnect to Oracle

Last updated 1 month ago

Azure Integration Overview

Integrate Azure with Finout to generate comprehensive cost and usage reports tailored to your organization's needs. Configure Finout to create detailed reports using Azure data, either for specific subscriptions or across your entire organization. This integration allows for in-depth analysis and management of expenses, offering valuable insights into cost allocation and usage trends across your Azure infrastructure.

Azure Configuration Workflow:

1. Create a Service Principal for Finout

The integration to your Azure is achieved by using an . There are two options: a.

b. and .

a. Create a service principal using the CLI

  1. From the CLI, type the following:

az ad sp create-for-rbac -n "finout"
  1. You will receive an output similar to the following:

{
  "appId": "3c666g0g6-8cb8-8b33-cba6-abc7676a8989",
  "displayName": "finout",
  "password": "789************************",
  "tenant": "6666b777-ba88-44a9-a4aa-666ccb222a91"
}

Important: Save the following details to use in the Finout console (step 4):

  • appId → Application (client) ID

  • tenant → Directory (tenant) ID

  • password → Application password (Client Secret

b-1. Create a service principal using the Azure portal

  1. From your Azure portal, search for and select Azure Active Directory.

  2. Select App registrations, then click New registration.

  3. Name the application (For example, "Finout").

  4. Leave the default values in the rest of the parameters and click Register.

  5. The Overview page provides two of the credentials required for the Finout console (step 4) the Application (client) ID and the Directory (tenant) ID.

    Important: Save the following details to use in the Finout console (step 4):

    • appId → Application (client) ID

    • tenant → Directory (tenant) ID

b-2 Set up the authentication

For the Finout integration, use the password-based authentication (application secret) method by following these steps: ​

  1. Select Certificates & secrets from the left-hand menu on the app registration page.

  2. Click + New client secrets to create a new client secret.

  3. Select a time frame for its expiration, add a description, and then click Add.

    Note: If the secret is set to expire, you must remember to renew the credentials and reconfigure it in the Finout console.

  4. Copy the Value from the Client secret to the Application secret field in the Finout console (step 4).

2. Create the Billing Export

In this step, create the export for the billing scope and grant Finout read-only access to these export files.

Important: Ensure you're on the billing scope when performing the following step. To ensure you're on the billing scope, check the text on your cost management screen that states Billing account.

Note: When creating an export for the billing scope, you can choose to configure Azure settings by overwriting the same file or by generating a new file for each run.

Create the report exports on the billing scope:

The reports must be exported twice, once for each of the following cost types:

  1. Actual cost

  2. Amortized cost

You should provide a different directory for both exports, but both exports must be exported to the same container.

To create an export in your Azure portal:

  1. In Azure, navigate to Cost Management.

  2. Click Exports in the left-hand menu.

  3. From the Export screen, click + Create. The New export page appears.

  4. Click Cost and Usage (actual or amortized).

    ​Note: The reports must be exported twice, once for each cost type. You should provide a different directory for both exports, but both exports must be exported to the same container.

    You are brought to the Datasets tab.

  5. Add the Export Profile name and click Next. You are brought to the Destination tab.

    Important: - Ensure that the Format is CSV. - Ensure that the Compression type is None.

    Fill in the details required on the destination page.

    Note: Save the following details to add to Finout (step 4): -Storage Account

    -Container

    -Actual Cost Directory and Export Name

    -Amortized Cost Directory and Export Name

  6. Click Next. You are brought to the Review and Create tab.

  7. Review the summary and click Create.

  8. After the export is created, select it from the export page and click Run now.

3. Grant Finout Read-Only Permission from the Export Storage

Grant read-only permission by using Azure CLI or the Azure portal.

Grant permissions using Azure CLI

  • Type the following command in your CLI and fill in the parameters according to the role and storage details:

    az role assignment create --assignee <app_id> --role "Storage Blob Data Reader" --scope /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Storage/storageAccounts/<storage_account_name>/blobServices/default/containers/<container_name>

Grant permissions using the Azure portal

  1. From your Storage account page, click Containers and select the export container.

  2. Select Access control (IAM).

  3. Click +Add and then click Add role assignment.

  4. Search for Storage blob data reader, select it, and then click Next.

  5. Click + Select members and find the Finout service principal.

  6. Select the Finout service principal and click Select.

  7. Click Review + Assign.

4. Integrate Azure with Finout

  1. Navigate to Settings > Cost Centers and click Add cost center. The Connect Accounts window appears.

  2. In Azure, click Connect Now. The Azure integration window appears.

  3. Add the details saved from step 1 and click Next. You are brought to the Create the billing export page.

  4. Add the details saved from step 2 and click Next. The integration is complete.

Important: To successfully finish the Azure integration with Finout, ensure the export files exist in the given container.

Azure service principal
Create a Service Principal for Finout
Create the Billing Export
Grant Finout Read-Only Permission from the Export Storage
Integrate Azure with Finout
Create a service principle using the CLI.
Create a service principal using the Azure portal
set up an authentication