How to configure DevOps with Lighthouse (3/6)

Lighthouse

Register the previous created Application Registration in your spoke tenants.

Agenda:

1. Create and configure an Application Registration to gain access using a secret.
2. Create a template- and parameter-file for connecting other subscriptions to Lighthouse in the hub subscription.
3. Register the AppReg in all other tenants.
4. Create a custom role for the AppReg (or use builtin roles).
5. Deploy the Lighthouse Template- and Parameter-file.
6. Create the Service Connections in Azure DevOps.
7. Test DevOps with Lighthouse

Step 3 Register the AppReg in all other tenants.

1. Modify this URL to fit your the spoke tenantID and the AppRegApplicationID:

https://login.microsoftonline.com/tenantID/oauth2/authorize?client_id=AppRegApplicationID&response_type=code&redirect_uri=https://microsoft.com

Sample: https://login.microsoftonline.com/15ae15c5-ffd5-1be5-a1cb-cb15aa15bc15/oauth2/authorize?client_id=16ae16c6-ffd6-1be6-a1cb-cb16aa16bc16&response_type=code&redirect_uri=https://microsoft.com

2. Open a browser tab where you can login as Application Administrator (minimum) to the spoke tenants, and go to that URL. Follow the steps to confirm adding the AppReg and do so for each tenant hosting subscriptions that shall be onboarded to Lighthouse.

Leave a Comment