
Onboarding Azure EA

Ripple integration for Azure EA

Written by Yo Fukuda
Updated yesterday

1. Register an app in Microsoft Entra ID (Azure AD)

  1. Sign in to the Azure portal as an Azure AD admin for the EA tenant.

  2. Go to Microsoft Entra ID → App registrations → New registration.

    • Supported account types: usually Single tenant for an EA scenario.

    • Redirect URI: optional for client credentials flow; can leave empty or use a placeholder.

  3. Click Register.

  4. In the app overview, copy:

    • Application (client) ID

    • Directory (tenant) ID

These will be used by your app to authenticate.

2. Create a client secret (or certificate) for the app

  1. In the same app, go to Certificates & secrets.

  2. Under Client secrets, choose New client secret.

  3. Set a description and an expiration period, then click Add.

  4. Copy the Value of the secret immediately (you won’t see it again).

You now have:

  • Tenant ID

  • Client ID

  • Client Secret

These are the core API credentials for OAuth 2.0 client‑credentials flow.

3. Make sure your EA is associated with this tenant and you have the right admin role

  1. Confirm your EA enrollment is associated with this Azure AD tenant.

  2. Sign in as:

    • Enterprise Administrator or

    • Account Owner (depending on how EA is delegated)

  3. If the EA is managed by a partner:

  4. If you manage EA directly:

You must have permission to grant access to Cost Management data for the EA enrollment.

How to check:

  1. Confirm that the EA enrollment is mapped to this Azure AD tenant:

    • EA portal / Azure Portal under Cost Management + Billing → Billing scopes.

    • You should see your EA enrollment / billing account under this tenant.

  2. Your user account should be:

    • Enterprise Administrator (EA portal), or

    • Another EA role that can manage billing access, or

    • For partner‑managed EA, a role with delegated rights as explained in docs (5).

If you can’t see or manage the EA enrollment in Cost Management + Billing, you likely don’t have the right role or aren’t in the correct tenant.

4. Grant the service principal access at the billing (EA) scope

Docs:

There are two aspects:

  • Give the service principal access to Cost Management data.

  • Scope that access to enrollment, billing account, subscription, or resource group.

4.1. Assign billing / Cost Management roles

  1. In the Azure portal, go to Cost Management + Billing.

  2. If you have multiple billing scopes, select Billing scopes, then choose:

    • Your EA enrollment, billing account, or a specific billing profile / invoice section, depending on where you want to read cost data.

  3. Under that scope, open Access control (IAM) or the equivalent Access control pane (naming may differ slightly by billing type).

  4. Click Add role assignment and assign your service principal (the registered app) one of:

    • Cost Management Reader – to read cost data.

    • Or Reader at the billing scope (if applicable).

  5. Select your app under Members → User, group, or service principal → search by app name → Select.

  6. Save.

This grants the app permission at the billing scope for Cost Management.

4.2. Assign access at Azure resource scopes (if needed)

If you’ll query costs at subscription or resource‑group scope:

  1. Go to Subscriptions (or a specific Resource group / Management group).

  2. Open Access control (IAM).

  3. Click Add role assignment:

    • Choose Cost Management Reader or Reader.

  4. Assign it to the same service principal.

  5. Save.
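
A least-privilege check for the assignments made in 4.2, as an added example (not part of the original article or the integration's own code): it reads the JSON printed by `az role assignment list --assignee <client-id> --all -o json` and flags any role other than Cost Management Reader or Reader, and any assignment outside the scopes you intended. The sample assignments, the subscription IDs and the function names `audit` and `within` are constructed for illustration.

```python
import json

# Roles this article asks for; anything else is broader than the integration needs.
ALLOWED_ROLES = {"Cost Management Reader", "Reader"}

def within(scope, prefix):
    """True if scope equals prefix or is a child of it (Azure scope IDs are case-insensitive)."""
    s, p = scope.lower().rstrip("/"), prefix.lower().rstrip("/")
    return s == p or s.startswith(p + "/")

def audit(assignments_json, allowed_scopes):
    """Return (scope, role, reason) findings for one service principal.

    assignments_json: JSON array with roleDefinitionName and scope per assignment
    allowed_scopes:   scopes where the app is meant to read cost data
    """
    findings = []
    for a in json.loads(assignments_json):
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "")
        if role not in ALLOWED_ROLES:
            findings.append((scope, role, "role is broader than read-only cost access"))
        if not any(within(scope, p) for p in allowed_scopes):
            findings.append((scope, role, "scope not in the intended list"))
    return findings

# Constructed sample: one expected assignment, one over-privileged role,
# one read-only role on a subscription that was never meant to be shared.
SAMPLE = json.dumps([
    {"roleDefinitionName": "Cost Management Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-app"},
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
])

if __name__ == "__main__":
    intended = ["/subscriptions/00000000-0000-0000-0000-000000000001"]
    for scope, role, reason in audit(SAMPLE, intended):
        print(f"{role:25} {scope}  <- {reason}")
```

An empty result means every assignment the service principal holds is read-only and inside the intended scopes.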
