Azure

Automate your team's infrastructure access on Azure.

Setup

  1. Create or sign into your Azure account
  2. Connect your Azure organization to Hyphen
    • Sign in with your Azure account
    • Select the Azure tenant you wish to connect
    • Select a subscription to use for resource management

⚠️

Important: The user performing the integration must have the Global Administrator role in the Azure Active Directory tenant and must be assigned as Owner on the subscription that will be used.

That's it! After you've completed these steps, Hyphen will automatically:

  • Verify the credentials and selected tenant
  • Grant necessary permissions to the Hyphen service
  • Configure the required role assignments for resource management

Required Permissions

The one-click installation requires the following Microsoft Graph API permissions:

  • CrossTenantInformation.ReadBasic.All
  • AppRoleAssignment.ReadWrite.All
  • Application.ReadWrite.All
  • RoleManagement.ReadWrite.Directory

Required OAuth Scopes

To perform the setup and ongoing management securely, Hyphen requires access to the following Azure scope:

https://management.azure.com/user_impersonation

This scope allows Hyphen to manage resources across your Azure organization. It is required to:

  • List subscriptions and tenants
  • Create and manage resource groups
  • Assign roles and permissions to users and groups
  • Manage Azure resources on your behalf

These permissions are necessary to let Hyphen create and manage Azure resources and access control on your behalf.


Configuration

FieldTypeDescription
azureTenantIdstring (required)Azure Tenant ID provided by the user, used to authenticate future requests.
subscriptionIdstring (required)Azure Subscription ID provided by the user, used for future requests.
namestringName pulled during setup, used for reference and display.

Connections

Permission Group

Permission Group connections link to existing Azure Groups or create a new group if none is provided.

When creating a new group in Azure, the name will be the Hyphen Team name.

Configuration

FieldTypeDescription
groupIdstringUnique group ID in Azure, used for reference and future calls.
groupNamestringGroup name in Azure, used for display.

Connection Input

Provide the Azure group ID to connect to an existing group.

Verification

A verification email will be sent to the group owners' emails to verify existing groups.

Access

A Member connection will be added as a member when added to the group.


Cloud Workspace

Cloud Workspace connections link to existing Resource Groups in Azure or create a new one if none is provided.

When creating a new resource group, the name will combine the Hyphen project name and the Hyphen project environment name.

Configuration

FieldTypeDescription
resourceGroupIdstringUnique resource group ID in Azure, used for reference and future requests.
resourceGroupNamestringUnique resource group name in Azure, used for display and reference.

Connection Input

Provide the Azure resource group name to connect to an existing Resource Group.

Access

A Team connection will be added with the “Owner” role when added to the resource group.


User

User connections link to existing Azure Users. If no input is provided, the member email will be used to find the existing User.

Configuration

FieldTypeDescription
userIdstringUnique user ID in Azure.
emailstringUnique user email in Azure.

Connection Input

Provide the Azure member email to connect to an existing User.