# Microsoft Azure authentication

> To create a connection, you need to provide the following credentials:

## Prerequisites

To create a connection, you need to provide the following credentials:

* Client ID
* Client Secret
* Tenant ID
* Subscription ID
* Environment

You must also select the **OAuth scope** (Azure services to grant access, such as Management, Key Vault, or Storage).

For more information, refer to the Microsoft documentation:

* [Configure your App Service or Azure Functions app to use Microsoft Entra sign-in](https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad?tabs=workforce-configuration) 
* [Get subscription and tenant IDs in the Azure portal](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription)
* [Overview of permissions and consent in the Microsoft identity platform](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent)

## Add the connection

To create a connection to your Microsoft Azure instance, you need to perform the following steps:

1. Select Orchestrator from the product launcher.
2. Select a folder, and then navigate to the **Connections** tab.
3. Select **Add connection**.
4. To open the connection creation page, select the connector from the list. You can use the search bar to find the connector.
5. Enter the required credentials and select **Connect**.

   For any secret-type field, you can select the menu next to the field and choose **Use credential asset** to reference an Orchestrator credential asset linked to an external vault instead of entering the value directly. For more information, see [Use credential assets for connections](credential-store-connections.md).