Cloud Setup

Grant Clazar the necessary permission to manage your Azure Marketplace.

Setup Partner Center Account

Microsoft offers several membership programs for partners. To sell your solution and go to market, enroll in the Microsoft Cloud Partner Program. Complete the Organization Profile and the Payout and Tax sections to finish the Microsoft Partner Center account setup. For details, see account setup.

Setup Microsoft Partner Center Account section in Azure Cloud Setup


Azure AD App Registration

After logging in to the Azure Portal and selecting the appropriate tenant, you can create an Azure AD App so that it can use Azure AD capabilities such as SSO and obtaining authorization tokens. The registration process involves giving Azure AD some details about your application. This app will also be used to access the SaaS fulfilment APIs required to maintain the offers.

Register an Azure AD App

Based on the use case, you can select the account types that will be supported. We recommend selecting Any Azure AD directory - Multitenant. Don't change Redirect URI as it is optional.

📘

Azure AD App for all offers

All the marketplace listings (offers) will have the same Application ID and hence the same Publisher ID.

Once you have completed the app registration successfully, copy the Application (client) ID and Directory (tenant) ID from the Overview section into the Azure Cloud Setup section of the Clazar app. We use this seller information to manage the subscription lifecycle, get authorization tokens, view pending operations, add technical details to your marketplace offer, access analytics data, etc. By default, the newly registered marketplace app has only the User.Read API permission.

Clazar Azure AD App Registration section in Azure Cloud Setup

Overview of the Azure AD app (accessible via left navigation panel)

API permissions of Azure AD app (accessible via left navigation panel)

To access the required APIs programmatically, we need workload identity federation in addition to the Application ID and Tenant ID. In this step, create a new federated credential by navigating to the Certificates & secrets section. Follow the instructions provided in the Azure Cloud Setup section of the Clazar app.

👍

Security of the Azure AD App

We do not use client secrets to access the APIs programmatically.

Certificates & secrets section of the Azure AD app

Adding a federated credential
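
To confirm that the registration ends up as described above (federated credential only, no client secrets, default User.Read permission), you can audit the app's JSON. The following is an added example, not Clazar's code: property names follow the Microsoft Graph `application` object, while the issuer, subject and `api://AzureADTokenExchange` audience are assumptions to replace with the values shown in the Clazar app.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph
USER_READ_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"   # delegated User.Read
TOKEN_EXCHANGE_AUDIENCE = "api://AzureADTokenExchange"  # assumed federation audience

def audit_app(app, fed_creds, expected_issuer, expected_subject):
    """Return findings; an empty list means the registration matches the setup."""
    findings = []
    # Client secrets appear as passwordCredentials on the application object.
    for secret in app.get("passwordCredentials", []):
        findings.append(f"client secret present: {secret.get('displayName')}")
    # Only the federated credential from the setup instructions should be trusted.
    matched = False
    for cred in fed_creds:
        if (cred.get("issuer") == expected_issuer
                and cred.get("subject") == expected_subject
                and cred.get("audiences") == [TOKEN_EXCHANGE_AUDIENCE]):
            matched = True
        else:
            findings.append(f"unexpected federated credential: {cred.get('name')}")
    if not matched:
        findings.append("expected federated credential missing")
    # Anything beyond delegated User.Read on Microsoft Graph differs from the default.
    for res in app.get("requiredResourceAccess", []):
        for perm in res.get("resourceAccess", []):
            if (res.get("resourceAppId"), perm.get("id")) != (GRAPH_APP_ID, USER_READ_ID):
                findings.append(f"extra API permission: {perm.get('id')}")
    return findings

# Constructed sample data (placeholders, not real Clazar or tenant values).
ISSUER = "https://issuer.example/"          # assumption: shown in the Clazar app
SUBJECT = "example-subject"                 # assumption: shown in the Clazar app
SAMPLE_APP = json.loads("""{
  "passwordCredentials": [{"displayName": "leftover-secret"}],
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}]
}""")
SAMPLE_FED_CREDS = json.loads("""[
  {"name": "clazar", "issuer": "https://issuer.example/",
   "subject": "example-subject", "audiences": ["api://AzureADTokenExchange"]},
  {"name": "stale", "issuer": "https://other.example/",
   "subject": "x", "audiences": ["api://AzureADTokenExchange"]}
]""")

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, SAMPLE_FED_CREDS, ISSUER, SUBJECT):
        print("FINDING:", finding)
```

Real input can come from `az ad app show --id <application-id>` and `az ad app federated-credential list --id <application-id>`, saved as JSON and loaded in place of the constructed samples.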



Permissions

To give us UI access to the Partner Center to create and maintain the offer, invite the Clazar user as described in the Clazar Permissions section of Azure Cloud Setup in the Clazar app. You can invite the user from the User Management settings in the Partner Center. The Azure AD App that you created doesn't have access to the Partner Center. To grant it access, add the Azure AD App in User Management and provide Developer access.

Clazar Permissions section in Azure Cloud Setup

Inviting external user

Providing Developer access to the invited user

Adding Azure AD App to Partner Center

Providing Manager(Windows) access to the Azure AD App

Providing Developer access to the Azure AD App


What’s Next

Go ahead and create your first listing