> ## Documentation Index
> Fetch the complete documentation index at: https://docs.refold.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Setup

> Connect to your Azure Security Centre app for OAuth.

To setup your Azure Security Centre in Refold for OAuth, you will need the following credentials from your [Microsoft Azure account](https://azure.microsoft.com/en-gb/):

* Client ID
* Client Secret
* Scopes

### Pre-requisites

1. Microsoft Azure Account. You can create one [here](https://azure.microsoft.com/en-gb/).

### Required Settings

* **Mandatory Scopes**

1. User.Read
2. user\_impersonation
3. offline\_access

<Info>If you haven't already created an app in Microsoft Azure, you'd need to create one.</Info>

### Creating an app in Microsoft Azure

To create a Azure Security Centre app and acquire the above mentioned credentials, please follow the steps mentioned below:

1. Log in to your [Microsoft Azure account](https://azure.microsoft.com/en-gb/).
2. Search for **Microsoft Entra ID** and select it from **Services** in the top search bar.

<img height="200" src="https://mintcdn.com/cobalt-55/wOGvLSncBaYd4o6C/images/Ms365/ms365_navigation.png?fit=max&auto=format&n=wOGvLSncBaYd4o6C&q=85&s=15504278a7f8cda14af4d9d3c861b1df" alt="Navigation for App setup" data-path="images/Ms365/ms365_navigation.png" />

3. Navigate to `Overview` in the side menu > Click on `+Add` > Select `App Registration`.
4. Enter the App **Name** for your application and select `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)` under **Supported Account Types**.
5. Go to your [`Apps catalog`](https://app.gocobalt.io/apps) in **Refold** > Search for `Azure Security Centre` > `Settings` > `Use your credentials` > `Callback Url` > Copy it.
6. Under the **Redirect URI** section, select **Platform** as `Web`, paste the **Callback Url** as the URL and click `Register`.

<img height="200" src="https://mintcdn.com/cobalt-55/USIhqTKu3QZXm8QM/images/AzureSecurityCenter/entraWaala.png?fit=max&auto=format&n=USIhqTKu3QZXm8QM&q=85&s=01f5af6c485cc82a53e7a3cb2e862828" alt="App Registration" data-path="images/AzureSecurityCenter/entraWaala.png" />

<Info>
  If you already have an app created, then follows these steps to add Redirect URL:

  Select your Application > Select **Authentication** in side menu > Under **Platform configurations**, press the  **Add a platform** button > Select **Web** > Paste the Callback Url > Click on **Configure** > Click **Save** button at the bottom.
</Info>

7. Navigate to `Manage` > `API permissions` in the side menu > Click on `+ Add a permission`.
8. Choose the `Microsoft Graph` card under **Microsoft APIs** > Choose `Application permissions` > Select the **mandatory scopes** > click on the `Add Permissions` button.
   <Info>**Offline\_access** scope will be present under **Delegated permissions** in **Microsoft Graph**</Info>

<img height="200" src="https://mintcdn.com/cobalt-55/0IGKzTphHY-auv_h/images/Ms365/ms365_config.png?fit=max&auto=format&n=0IGKzTphHY-auv_h&q=85&s=e6832d70586c9c024c19f68e456b27be" alt="Setting up Azure Security Centre Developer app" data-path="images/Ms365/ms365_config.png" />

9. Navigate to `Certificates and Secrets` in the side menu and under **Client Secrets** tab, press the `+ New client secret` button. Give a **Description**, select the best expiry for your application and click `Add` to create your credentials.
10. Copy the displayed **Client Secret** under the `Value` column.

<img height="200" src="https://mintcdn.com/cobalt-55/0IGKzTphHY-auv_h/images/Ms365/ms365_credentials.png?fit=max&auto=format&n=0IGKzTphHY-auv_h&q=85&s=7944a19fea4a8b5e28f5ad596557d72f" alt="Getting Client Secret" data-path="images/Ms365/ms365_credentials.png" />

11. Navigate to `Overview` in the side menu > `Essentials` tab > Copy the **Client ID** under `Application (client) ID` and **Tenant ID** under `Directory (tenant) ID`.

<img height="200" src="https://mintcdn.com/cobalt-55/0IGKzTphHY-auv_h/images/Ms365/ms365_id.png?fit=max&auto=format&n=0IGKzTphHY-auv_h&q=85&s=2796109cad9d645e38eae3969d2f6f18" alt="Getting Client ID" data-path="images/Ms365/ms365_id.png" />

#### Configuring credentials in Refold

App settings page lets you configure the authentication settings for an `OAuth2` based application. For your customers to provide you authorization to access their data,
they would first need to install your application. This page lets you set up your application credentials.

<img height="200" src="https://mintcdn.com/cobalt-55/USIhqTKu3QZXm8QM/images/AzureSecurityCenter/cobalt_ss.png?fit=max&auto=format&n=USIhqTKu3QZXm8QM&q=85&s=b3a2253a1a21dc534f054da1f80d5c8b" alt="Setting up application client credentials" data-path="images/AzureSecurityCenter/cobalt_ss.png" />

Provide the acquired Client ID and Client Secret under Settings of the app and save it.

#### Configuring Scopes

Refold lets you configure what permissions to ask from your users while they install your application. The scopes can be added or removed from the App settings page, under `Permissions & Scopes`
section.

For some applications Refold sets **mandatory scopes** which cannot be removed. Additional scopes can be selected from the drop down. Refold also has the provision to add any
custom scopes supported by the respective platform.

<img height="200" src="https://mintcdn.com/cobalt-55/USIhqTKu3QZXm8QM/images/AzureSecurityCenter/scopes.png?fit=max&auto=format&n=USIhqTKu3QZXm8QM&q=85&s=529c84265c4ca9c30316213934f3d039" alt="OAuth Scopes" data-path="images/AzureSecurityCenter/scopes.png" />

Once the scopes has been added to the application in Refold, go to your [Microsoft Azure account](https://azure.microsoft.com/en-gb/) and update the scopes as added on Refold.

Select the OAuth App created for Refold and follow **Step 7** and **8** [above](https://docs.gocobalt.io/resources/integration-providers/azure_security_center#creating-an-app-in-microsoft-azure).

<Warning>
  If you are facing scopes missing or invalid scope error. Make sure you are not passing any custom scope not supported by the platform. And, the scopes selected here are
  identical to the ones selected in the platform.
</Warning>

#### Actions and triggers

Once the above setup is completed, you can create orchestrations of your use-cases using Azure Security Center actions and triggers. Following are the set of Azure Security Center actions and triggers
supported by Refold.

<Tabs>
  <Tab title="Actions">
    <AccordionGroup>
      <Accordion title="Location">
        1. **List Locations** - List all locations in Azure Security Center.
        2. **Get Location By Id** - Get a location By Id in Azure Security Center.
      </Accordion>

      <Accordion title="Task">
        3. **Update Resource Group Task State** - Update Resource group task state in Azure Security Center .
        4. **List Tasks By Home Region** - List all tasks by home region in Azure Security Center.
        5. **List Tasks** - List all tasks in Azure Security Center.
      </Accordion>

      <Accordion title="Others">
        6. **HTTP Request** - Make HTTP API calls to any Azure Security Center  documented REST APIs.
        7. **List Subscriptions** - List all subscriptions in Azure Security Center.
      </Accordion>
    </AccordionGroup>
  </Tab>

  <Tab title="Triggers">
    There are no triggers in this application.
  </Tab>
</Tabs>