lucidscale.zendesk.com Open in urlscan Pro
104.16.51.111 Public Scan

Back to summary

Submitted URL:
https://email.lucid.co/NzA0LUJFTC0zNjYAAAGLXI63iM3alf7MYohWSxtVjVnA0Vw7I3AfsmtiEqZoZmBAkFFqGkvOIXwm4OT9Igi_j9PvRpA=
Effective URL:
https://lucidscale.zendesk.com/hc/en-us/articles/4407993389076-Import-and-Manage-Azure-Infrastructure-Data?utm_medium=email&utm...
Submission: On April 29 via api (April 29th 2023, 3:59:51 pm UTC) from US — Scanned from DE

Form analysis
1 forms found in the DOM

GET /hc/en-us/search?

<form accept-charset="UTF-8" action="/hc/en-us/search?" autocomplete="off" class="search search-nav" data-instant="true" data-search="" id="nav-search-form" method="get" role="search"><input name="utf8" type="hidden" value="✓"><input name="filter_by"
    type="hidden" value="knowledge_base"><input aria-label="Search" autocomplete="off" class="hidden" id="query" name="query" placeholder="search" type="search" style="max-width: 120px;"><span class=""><svg fill="none" height="24" viewBox="0 0 24 24"
      width="24" xmlns="http://www.w3.org/2000/svg">
      <path clip-rule="evenodd" d="M2 9.5C2 5.4 5.4 2 9.5 2C13.6 2 17 5.4 17 9.5C17 13.6 13.6 17 9.5 17C5.4 17 2 13.6 2 9.5ZM15 9.5C15 6.5 12.5 4 9.5 4C6.5 4 4 6.5 4 9.5C4 12.5 6.5 15 9.5 15C12.5 15 15 12.5 15 9.5Z" fill="#282C33"
        fill-rule="evenodd"></path>
      <path
        d="M15.4393 15.4393C14.8536 16.0251 14.8536 16.9749 15.4393 17.5607L19.4393 21.5607C20.0251 22.1464 20.9749 22.1464 21.5607 21.5607C22.1464 20.9749 22.1464 20.0251 21.5607 19.4393L17.5607 15.4393C16.9749 14.8536 16.0251 14.8536 15.4393 15.4393Z"
        fill="#282C33"></path>
    </svg></span></form>

Text Content

Learning Campus
* Training labs
* Help center
* Community

* Go to Lucid

Menu
LucidLucidchartLucidsparkLucidscaleLucidForEducation
Lucidscale

Lucid Help › Lucidscale Help Center › Azure › Lucidscale for Azure ›
Import and Manage Azure Infrastructure Data
Supported Resources and LinesImport Your InfrastructureSubscription
ConfigurationImport via AD Application (Recommended)Import via Azure Management
GroupImport via Azure CLIData Hub - Manage Your Azure Infrastructure Data and
CredentialsImported SubscriptionsSaved CredentialsSecurity InformationFrequently
Asked QuestionsRelated Articles

IMPORT AND MANAGE AZURE INFRASTRUCTURE DATA

Lucidscale allows you to import cloud infrastructure data from Azure and
generate diagrams from that data in a Lucidscale Model.

To learn more about functionality available with a Lucidscale license, see our
Lucidscale Plans article. To purchase a license, view our pricing page.

SUPPORTED RESOURCES AND LINES

Lucidscale supports the following Azure resources:

* API Management
* App Services (Web Apps + API Apps)
* Azure Managed Identity
* Compute (Virtual Machines, Virtual Machine Scale Sets)
* Connection
* Cosmos DB Account
* Databricks Workspaces
* Disks
* DNS Zones
* Firewalls
* Front door
* Functions
* Gov Cloud
* Key Vault
* Local Network Gateway
* MySQL (Databases)
* Network (Application Gateways, Load Balancers, Subnets, Virtual Networks)

* NSG
* PostgreSQL (Databases)
* Private Endpoints
* Route Tables
* Service Bus
* SQL (Databases)
* Storage (Storage Accounts)
* Traffic Manager Profiles
* Virtual Network Gateway
* Virtual Network Peering

We can draw lines between resources that explicitly reference another in the
metadata:

* Application Gateway → Virtual Machines
* Application Gateway → Virtual Machine Scale Sets
* Application Gateway → App Services
* Front Door → Application Gateway
* Front Door → App Service
* Front Door → Traffic manager profile
* Load Balancer → Virtual Machine
* Virtual Machines → Disk
* Virtual Network Gateway → Local Network Gateway
* Virtual Network Gateway → Virtual Network Gateway
* Virtual Network Peering Lines [VNET → VNET]

Note: If you’ve elected to summarize resources within a Lucidscale View, you
will need to un-summarize them in order for your lines to be rendered in the
Model.

IMPORT YOUR INFRASTRUCTURE

You can import your Azure Cloud Infrastructure using one of the two methods:
providing an Azure AD application attached to a role with the proper policies;
or running a script from your Command Line Interface (CLI).

If you are working with a very large environment, the Subscription Configuration
step (detailed below) when using AD Applications can help to reduce the amount
of data you are importing or reduce the number of API calls Lucidscale makes to
Azure. The Data Hub supports up to 5 concurrent imports. If you'd like to import
more than 5 subscriptions, you will need to wait for one to finish and then
start another.

Note: If you import using the AD application method, Lucidscale will save your
AD applications in the Data Hub so that you can use them in the future without
having to re-enter your information.

To render your Azure infrastructure in a Lucidscale Model:

1. Click + New on the Lucid Home Page.
2. Hover your cursor over Lucidscale.
3. Select Azure.
4. Choose to create a Model with a previously imported Azure subscription or
click Open Data Hub to import a new subscription to the Lucid Data Hub and
render it in a Lucidscale Model.
5. After selecting Open Data Hub, click + New Subscription and you can choose
your import method.

6. After choosing an import method and completing the import, your subscription
will be listed as a data source in the “Data Hub > Azure: Imported
Subscriptions'' section and will also be listed as an “imported” Azure
subscription in the modal after clicking + New > Lucidscale > Azure.

7. Selecting the subscription after clicking + New > Lucidscale > Azure or
opening the three-dot menu in the Data Hub and clicking Create new Model
will start the process of rendering your Azure infrastructure associated
with the account as a diagram in a new model’s workspace. Before you create
a new model, you can add Filters to exclude unnecessary resources.

8. Select Create Azure Model to begin generating the model in the background of
your Lucid Homepage. We will notify you once it has been rendered through
the status modal that appears in the bottom-right of the page.

You can open your Model from the status modal that renders directly after
choosing to create a new Model. Your Model (and previously created Models) will
also be stored and accessible in the “Documents'' section of your Lucid Home
Page after you generate it. To learn how to work with your Azure architecture in
a Lucidscale Model once it is rendered, check out the linked article.

SUBSCRIPTION CONFIGURATION

When importing an Azure subscription to the Lucid Data Hub using the AD
application method, you have the option to omit chosen resource types or
metadata from your import. This grants you the ability to visualize only
resource types you’re interested in and in some cases can increase the speed of
your import. Deselected resource types and metadata will not be imported or
rendered in your diagram.

IMPORT VIA AD APPLICATION (RECOMMENDED)

To import your Azure infrastructure via AD application and render a Lucidscale
Model, follow these steps:

Step 1: Register a new application

1. On the Lucid Home Page, click + New.
2. Hover your cursor over Lucidscale.
3. Select Azure.
4. Choose to create a Model from an existing Azure subscription or click Open
Data Hub to import and render a new subscription.
5. After selecting Open Data Hub, click + New Subscription and select Azure AD
Application.

6. Click Create a new AD Application.

7. Select Global Azure Application or Azure Government Application depending
on where your Azure instance resides. Leave this tab open so we can return
to it later.

8. In a new browser tab, log in to your Azure account.
9. Register a new Azure AD application in the Azure portal: App Registrations
> New registration.
10. Give a name to the application and leave the remaining settings as default.
11. Click Register.
12. Copy the Application (client) ID by clicking the copy to clipboard icon.
13. Paste the copied ID into the Application (client) ID field in the modal on
your previous Lucid tab.
14. Copy the values for Application (client) ID and Directory (tenant) ID from
the newly created app and paste them into their respective fields in the
modal on your previous Lucid tab: Application (client) ID, Directory
(tenant) ID.
15. Navigate back to your Azure tab and click on Certificates & Secrets.
16. Click on + New client secret.
17. Enter a Description for the client secret, select the expiration value you
want, and click Add.
18. Copy the Value of the newly generated secret by clicking the copy to
clipboard icon to the right of the Value field.
19. Navigate back to your Lucid tab and paste the secret value into the Client
Secret field.
20. Type a nickname value into the Application Name field.
21. Click Next.

Step 2: Create a Custom Role

1. In the “New AD Application” modal, click Download Permission JSON to
download the JSON permission file.

2. Navigate to your Azure browser tab, and click Subscriptions on the home
screen
3. Click on one of your Subscriptions you’d like to import.
4. Click on Access Control (IAM).
5. Click +Add and then Add custom role.
6. Select the Start from JSON option and upload the JSON permission file that
you downloaded from the Lucid tab to your computer.
7. Enter a value into the Custom role name field that helps you identify it as
the role for Lucidscale and click Next.
8. On the Permissions page, click Next.
9. On the Assignable scopes page, click Add assignable scopes.
10. This is where you can add any (or all) of the subscriptions you want to
import to the Lucid Data Hub and visualize within Lucidscale Models. Select
the Subscription from the Subscription drop-down, select the Subscription
from the right-hand menu to add it to the assignable scopes, and then click
Add.
* Follow this same process for any other subscriptions you want to add.
11. Click Next on the Assignable scopes page.
12. Click Next on the JSON page.
13. Click Create on the Review + create page to finish configuring your custom
role.
14. Return to the Subscription that you started in (selected in step #3 above).

Step 3: Role Assignment

1. In the subscription that you started in, click Role Assignments.
2. Click + Add and then Add role assignment.
3. Populate the following values in the rendered “Add role assignment” modal:
1. Role: The custom role you just created.
2. Assign access to: leave default value (“User, group, or service
principal”).
3. Select: The AD application you created previously.

* If your AD app isn’t rendering in the Select field drop-down, try
typing the name of the app you created directly within the Select
field.
4. Click Save to complete the role assignment.

Step 4: Add your AD Application to the Data Hub

1. Navigate back to your Lucid tab and click Next in the “New AD Application”
modal.
2. Click Add Azure AD Application.
3. If everything has been configured correctly, your AD application,
credentials, and subscriptions will be validated to then display the AD
application in the “Saved Credentials” modal.
4. Select the AD application and click Next.

* The AD application will also be displayed in the Data Hub > Azure: Saved
Credentials section.

Step 5: Import subscriptions and create Models

1. Select the subscription(s) you would like to import to the Data Hub and use
to generate a Lucidscale Model.
2. Click Next.
3. On the Subscription Configuration step (detailed above), you can omit chosen
resource types or metadata from your import by deselecting them. Deselected
resource types and metadata will not be imported or rendered in your Model
created from the subscription(s). Click Import Azure Subscription.
4. After completing the import, the subscription will be listed as a data
source in the “Data Hub > Azure: Imported Subscriptions'' section and will
also be listed as an imported Azure subscription in the modal after clicking
+ New > Lucidscale > Azure.

* The subscription will also be displayed in the Data Hub > Azure: Imported
Subscriptions section.
5. Selecting the subscription after clicking + New > Lucidscale > Azure or
opening the three-dot menu in the Data Hub and clicking Create new Model
will start the process of rendering your Azure infrastructure associated
with the account as a diagram in a new model’s workspace. Before you create
a new model, you can add Filters to exclude unnecessary resources.

6. Select Create Azure Model to begin generating the model in the background of
your Lucid Homepage. We will notify you once it has been rendered through
the status modal that appears in the bottom-right of the page.

IMPORT VIA AZURE MANAGEMENT GROUP

To import your Azure infrastructure via Azure Management Group and render a
Lucidscale Model, follow these steps:

Step 1: Register a new application

6. Click Create a new AD Application.

7. Select Global Azure Application or Azure Government Application depending
on where your Azure instance resides. Leave this tab open so we can return
to it later.

Step 2: Create a Custom Role

1. In the “New AD Application” modal, click Download Permission JSON to
download the JSON permission file.
2. Navigate to your Azure browser tab and browse to "Management Groups".
3. Select the management group you want to have in scope for the AD
application.
4. Click Access Control (IAM).
5. Click + Add and select Add custom role.
6. Select Start from JSON and upload the JSON permission file that you
downloaded from the Lucid tab to your computer.
7. Enter a value into the Custom role name field that helps you identify it as
the role for Lucidscale and click Next.
8. On the Permissions page, click Next.
9. On the Assignable scopes page, click Add assignable scopes.
10. Select the type as “Management Group '' and select the target management
group you want in scope for Lucidscale.
* If step 10 is completed correctly, you will be able to import all the
subscriptions within your management group into Lucidscale.
11. Click Next on the Assignable scopes page.
12. Click Next on the JSON page.
13. Click Create on the Review + create page to finish configuring your custom
role.
14. Return to the Management Group you started in.

Step 3: Role Assignment

1. In the Management Group that you started in, click Role Assignments.
2. Click + Add and then Add role assignment.
3. Populate the following values in the rendered “Add role assignment” modal:
1. Role: The custom role you just created.
2. Assign access to: leave default value (“User, group, or service
principal”).
3. Select: The AD application you created previously.

* If your AD app isn’t rendering in the Select field drop-down, try
typing the name of the app you created directly within
the Select field.
4. Click Save to complete the role assignment.

IMPORT VIA AZURE CLI

Install Python if you don't have it already. Instructions can be found here.
Ensure that you check the option “Add Python to PATH” in the installer. You can
verify that Python was properly installed by trying the commands “python” or
“python 3” in a terminal (MAC OS) or Command Prompt (Windows).

1. On the Lucid Home Page, click + New.
2. Hover your cursor over Lucidscale.
3. Select Azure.
4. Choose to create a Model from an existing Azure subscription or select Open
Data Hub to import and render a new subscription.
5. After selecting Open Data Hub, click + New Subscription and select Azure
CLI Script.

6. Select Global Azure Application or Azure Government Application depending
on where your Azure instance resides. Leave this tab open so we can return
to it later.

7. Install the Azure CLI.
8. Click Download requirements.txt.
9. Run the following command: pip3 (pip) install -r requirements. This will
install the necessary Azure packages that enable the Lucidscale script to
generate a JSON file for your import.
10. On your terminal, run the command az login. Running this command gives the
Azure SDK access to the Active Directory. If you would like to import a
different directory, please switch the Active Directory in the Azure portal
and re-run az login.
11. Click Download azurecliscript.py
12. Browse to the downloaded location of the script, and run the command:
python3 (python) azurecliscript.py --subscriptions “subscription id 1”
“subscription id 2”.
13. Return to your Lucid tab and upload the azure.json generated from the
script by clicking Choose File and selecting it.
14. Click Next.
15. Specify an alias name for your subscription if you’d like.

16. Click Next.
17. After completing the import, the subscription will be listed as an
“Imported” Azure subscription in the modal after clicking + New >
Lucidscale > Azure.

* The subscription will also be displayed in the Data Hub > Azure: Imported
Subscriptions section.

18. Selecting the subscription after clicking + New > Lucidscale > Azure or
opening the three-dot menu in the Data Hub and clicking Create new Model
will start the process of rendering your Azure infrastructure associated
with the account as a diagram in a new model’s workspace. Before you create
a new model, you can add Filters to exclude unnecessary resources.

19. Select Create Azure Model to begin generating the model in the background
of your Lucid Homepage. We will notify you once it has been rendered
through the status modal that appears in the bottom-right of the page.

DATA HUB - MANAGE YOUR AZURE INFRASTRUCTURE DATA AND CREDENTIALS

IMPORTED SUBSCRIPTIONS

After importing your Azure subscription data, it will be listed as a data source
with the subscription name you specified in the Data Hub > Azure: Imported
Subscriptions section. From this section you can also click + New Subscription
to import a new subscription to the Data Hub. Subscriptions listed in this
section are data sources that can be used to create new Lucidscale models.

The Cloud Inventory of each subscription can be seen on the right-hand side
after selecting a subscription from the list. This inventory allows you to see a
full count of each type of resource that has been imported before even creating
a model. You can also download a CSV with the list of resources and count
directly from the Data Hub by clicking Download CSV.

If you click the three-dot menu rendered on a subscription, you will see up to
six potential options: Create new Model, Update Subscription from Azure,
Schedule update, Edit resources, Rename Subscription, and Delete Subscription.

Create new Model will start rendering your Azure infrastructure associated with
the subscription as a diagram in a new model’s workspace. Your model will be
generated in the background of your Lucid Homepage and you’ll be notified once
it has been rendered through the status modal that appears in the bottom right
of the page.

Update Subscription from Azure and Schedule update will allow you to manually or
automatically update the Azure subscription data you have imported to the Data
Hub to reflect any changes in the connected Azure subscription. New models
created from the subscription after the update will reflect any changes in the
connected Azure subscription.

Learn more: Refer to our Update and sync data in Lucidscale article to learn
more.

Edit resources will allow you to edit the resources included in each dataset.
Selecting this option will open up a modal in which you can add or remove any
resources from your existing datasets. When you’ve finished with the selection,
click Save and update Subscription. This will ensure that the dataset refreshes
and models referencing that dataset are updated to the latest information.

Rename Subscription will allow you to change the name of the selected dataset.

Delete Subscription will remove the imported subscription from the Lucid Data
Hub and any models created from that subscription would lose the ability to
update data from Azure.

Note: The options displayed above will vary depending on the import method
you’ve used for a subscription. The update option is only available with AD
Application import. CLI imports do not support this option.

SAVED CREDENTIALS

The Saved Credentials section in Data Hub > Azure will list the AD applications
you can use to import your Azure subscriptions to the Data Hub. From this
section you can click + New AD application to add a new set of credentials that
can be used to import an Azure Subscription.

You can also share the AD applications you have created with other users. If you
click the three-dot menu rendered on an AD application, you will see two
potential options: Share credential and Delete credential.

Share credential will open a modal that allows you to share an AD application
you created with another user on your Lucid account by specifying their email
address. Granting them access to the AD application will allow them to import
the associated Azure subscription(s) to the Data Hub and create Lucidscale
Models. After a credential has been shared with another user, you can revoke
their access to the credential by clicking the X next to their email address in
the same modal.

Delete credential will remove your AD application from the Data Hub. After
deleting a credential, all subscriptions that were previously imported with that
credential along with Models created from those subscriptions would lose the
ability to update data from Azure.

Learn more: You can only share credentials in the Data Hub that you own. Only
Lucidscale users assigned a Creator license can import accounts and create
Models. For more details check out our Cloud Provider Credentials article.

SECURITY INFORMATION

Azure AD Application

Azure AD application is the preferred method from Azure for managing digital
identities for both external and on-premises applications.

This method allows Lucidscale to securely store credentials that allow you to
easily import and refresh your diagram.

See these resources for more information:

* What is application management?
* Quickstart: Register apps with Microsoft identity platform

Secure, Limited Access

We request limited, read-only access permission for the Azure AD Application you
create. The permissions are defined within the custom role you tie to your
application. A custom role created with these permissions cannot change settings
in your Azure architecture or read data in your databases. We only use the AD
Application to read the structural metadata of your Azure infrastructure. We
only read from subscriptions that you grant us access to; you can control that
by limiting the scope of the custom role attached to the AD application assigned
to Lucidscale.

CLI Script Alternative

If you wish to review and control the actions we take during our Azure
infrastructure scan, you can download and use our provided Python script instead
of creating an Azure AD application. In this scenario, your credentials will
never be passed to Lucidscale, and you can review both the code that will run in
your environment and the resulting metadata before uploading the metadata to
Lucidscale. Your imported JSON will be accessible in the Lucid Data Hub to use
for creating Lucidscale Models.

Safe Storage of Documents (Models)

Lucidscale stores Azure imported metadata and generated Models using industry
standard protections for confidential data. Imported Azure data is embedded as
part of the Lucidscale Model, so you can control access to the data using
Lucid’s standard sharing permissions. For additional information regarding how
we protect your documents, please refer to our Content Security page or contact
our sales team.

FREQUENTLY ASKED QUESTIONS

Once Lucidscale is purchased, will every user on the account have access?

If you are an existing Lucid customer (currently have a Lucidchart or Lucidspark
subscription), depending on your licensing settings it is possible not all users
on the account will have access to Lucidscale by default. An account admin may
need to assign the Lucidscale licenses purchased to individual users or groups
through the Users section of the Admin Panel in the same manner as Lucidchart
and Lucidspark. Users added to an account that only has a Lucidscale Team
subscription (no current Lucidchart or Lucidspark subscriptions) will be
automatically assigned either a Creator or Explorer license depending on which
licenses have been purchased. For instructions on how to grant licenses, check
out The Admin Panel: License Settings article.

How does Lucidscale get access to our Azure environment? What level of access
does Lucidscale have?

The recommended method from Lucidscale and Azure is through an Azure AD
Application. We provide a policy which gives us “describe and list” access to
your environment so we can get an inventory of resources.

We also have a method using a python script you can run through the Command Line
Interface (CLI) which generates a JSON file. Users can then upload this JSON
file to Lucidscale and not populate any credential information into Lucidscale.

What APIs does Lucidscale access?

We primarily use describe and list API endpoints.

Can you choose which metadata (the fields and values shown in the Data panel) is
imported? If not, what metadata is imported?

No, you can't currently choose what metadata is imported. However, we are
looking to create some ability to do that in the future. All metadata from a
describe API call is imported.

Work with Azure Architecture in Lucidscale

Get the Best Performance in Lucidscale

Import and Manage AWS Infrastructure Data

Import and Manage GCP Infrastructure Data

DID YOU FIND WHAT YOU WERE LOOKING FOR?

STILL HAVE A QUESTION OR WANT TO SHARE WHAT YOU HAVE LEARNED? VISIT OUR
COMMUNITY TO GET HELP AND COLLABORATE WITH OTHERS.

Supported Resources and LinesImport Your InfrastructureSubscription
ConfigurationImport via AD Application (Recommended)Import via Azure Management
GroupImport via Azure CLIData Hub - Manage Your Azure Infrastructure Data and
CredentialsImported SubscriptionsSaved CredentialsSecurity InformationFrequently
Asked QuestionsRelated Articles

Get Started

* Contact Sales
* Get Support

Products

* Lucidspark
* Lucidchart
* Lucidscale

Solutions

* Digital transformation
* Cloud migration
* New product development
* View more

Resources

* Customers
* Partners
* Affiliates
* Developers
* Security
* Help Center
* Learning Campus

Company

* About Us
* Mission
* Leadership
* Newsroom
* Careers

Deutsch English ✓Español Français Italiano Nederlands Polski Português svenska Русский 日本語 한국어

English
PrivacyLegalCookies

lucidscale.zendesk.com Open in urlscan Pro 104.16.51.111 Public Scan

Form analysis 1 forms found in the DOM

GET /hc/en-us/search?

Text Content

lucidscale.zendesk.com Open in urlscan Pro
104.16.51.111 Public Scan

Form analysis
1 forms found in the DOM