How to Create an Azure Source

Using PowerShell

It's a simple task to allow Hava access to import your resources using PowerShell. This guide assumes you are logged into the Azure Portal and are using the built in CLI, but this can be done on your local machine too.

Create a Service Principal (feel free to choose a different name)
$sp = New-AzADServicePrincipal -DisplayName HavaServicePrincipal
Give it Read Access
New-AzRoleAssignment -ApplicationId $sp.ApplicationId -RoleDefinitionName "Reader"
Decrypt the Password
$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($sp.Secret)
$password = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
You now have the credentials to login!
  • Subscription ID: (Get-AzContext).Subscription.Id
  • Tenant ID: (Get-AzContext).Tenant.Id
  • Client ID: $sp.ApplicationId
  • Secret: $password

Enter the values into Hava

  1. On the Hava environments list click Add Environments and then Azure, then enter the credentials from PowerShell into the fields.
  2. Click Import to create an Azure source and begin the import of your environments!


Using the Azure Portal

There are quite a few steps required to allow Hava to access your Azure resources using the Portal, so let's get started!

To allow Hava to import your Azure account you will need to provide access by creating an Active Directory application and assigning read-only permissions to it. To create AD applications you will need admin access to the Azure account.

So without further ado, let's start with:

Creating an Active Directory Application

  1. Select Azure Active Directory

  2. Select App registrations, then click New application registration

  3. Enter the following details
    1. Name: Hava
    2. Application Type: Web app / API
    3. Sign-on URL:

  4. Your application has been created!


Assign Roles to the Application
This will step you through adding a role for the application at the subscription level; this will grant Hava access to read everything in your account but not make any changes. You can also apply the access to a specific resource group or groups, or even individual resources - Hava will only draw the resources you give it access to.

  1. Select Subscriptions and select the specific subscription you would like to assign access to

  2. Select Access control (IAM) and then click Add

  3. Select the Reader role and then search for the Hava application you created earlier

  4. Select Hava from the list then press okay to assign read-only permission to the Hava application you created earlier


Get your parameters to give access to Hava
You will need four separate parameters to give Hava access to your account, first off is the subscription ID.

  1. Select Subscriptions and then select the specific subscription you will be importing from

  2. Copy your Subscription ID - this is the first value you will need.

Now to get the ID and access key:

  1. Select the app you just created from the App Registrations list in Active Directory

  2. Copy the Application ID and save it as your Client ID - this is the second value you need

  3. In the same screen click Settings and then the Keys link and enter a name for your key name (something like HavaAccessKey) and select Never Expires

  4. After the key is saved it will show the created value - copy this and save it as your Client Secret, the third value required. This is the only time you see it so make sure you copy it now!

Get your Tenant ID:

  1. Once again in the main Active Directory blade select Properties and copy the Directory ID - this is your Tenant ID - the final value you will need for access


Enter the values into Hava

  1. On the Hava environments list click Add Environments and then Azure, then enter the details you copied from Azure into the fields
  2. Click Import to create an Azure source and begin the import of your environments!