Technical Articles
F5 SMEs share good practice.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
F5 Employee
F5 Employee

Configuring a cloud account credential for F5 Distributed Cloud to use with Azure, while a straightforward process, requires some nuance to get just right. This article illustrates each step of the way.

  1. Log in to the Azure portal at Navigate to All Services > Azure AD > App registrations, then click “New registration”.Picture-Azure_1.png

  2. Enter the app name and choose who can access the API. Single tenant access is recommended.

  3. Now click “Certificates & secrets”, then “Client secrets (0)”, and then “New client secret”. Enter a name for the secret and choose the default expiration time of 6 months as a best practice. 

  4. Copy the secret and save it to enter later in the F5 Distributed Cloud Console.


  5. In the app registration overview “Essentials” section, copy the Application (client) ID and Directory (tenant) ID. You’ll need this information in the F5 Distributed Cloud Console further in this guide.

  6. Exit the app registration, and in the Azure Active Directory Overview, save the Tenant ID to enter later in the F5 Distributed Cloud Console.

  7. In the search box, type “Subscriptions” and open the subscription that you want services provisioned in.

  8. Click “Access control (IAM)”, then “+ Add”, then “Add role assignment”.Picture-Azure_1 (1).png

  9. Select the built-in role “Contributor”, then click the tab “Members”.
    Picture-Azure_2 (1).png

  10. Enter the name of the app registration created in step 2 above, highlight the selection, then click “Select”.
    Picture-Azure_3 (1).png

  11. The role assignment and member should appear. Now click “Review & assign”.
    Picture-Azure_4 (1).png

  12. Open and navigate to the F5 Distributed Cloud Console, Cloud and Edge Sites >  Site Management > Cloud Credentials, then click “Add Cloud Credentials”.

  13. Enter the following details, and then click “Configure”.
    Name: azure-cred
    Cloud Credential Type: Azure Client Secret for Service Principal
    Client ID: [copied in step 5]
    Subscription ID: [copied in step 6]
    Tenant ID: [copied in step 5]
    Picture-Azure_5 (1).png

  14. Paste in the private key using type “Text”, with the key copied in step 4. Click “Blindfold”, and then click “Apply”.
    Picture-Azure_6 (1).png


    Picture-Azure_7 (1).png

    Click “Save and Exit


Congrats! You've now configured a Cloud Credential for deploying services in Azure using the Distributed Cloud Service.

Legacy Employee
Legacy Employee

For the CLI savvy you can use AZ cli and grab the needed outputs too. 

From the Azure Console Bash Cloud Shell, run the following command:

  $ az ad sp create-for-rbac -n "http://[unique-name]-volterra-cc" --role contributor
    "appId": "xxx-xxxx",
    "displayName": "[unique-name]-f5xc-cc",
    "name": "http://[unique-name]-f5xc-cc",
    "password": "[password]",
    "tenant": "yyy-yyy"

Copy the JSON output (starting with "{" ending with "}") of this command and keep it safe. This credential enables read/write access to your Azure Subscription.

You will also need to retrieve your subscription ID. You can use the following command to list out the name, id, and whether it is your default subscription.

  $ az account show  --query [name,id,isDefault]
    "f5-AZR_xxxx", <-- name
    "xxx-xxx-xxx", <-- subscription id
    true           <-- is this the default subscription
F5 Employee
F5 Employee

Very helpful, thanks for this Dave.

I got tripped up slightly by the "Subscription ID". This ID is not listed in the step 6 screen as described here. It's easy to obtain after step 7 (search for "subscriptions" and you'll see your "Subscription ID" listed there). This gets copied into your cloud credential.  

Version history
Last update:
‎06-Feb-2023 12:09
Updated by: