How to do basic Azure CLI login in Resource Manager mode

0
votes

As an Azure beginner, I am attempting to configure a basic Ubuntu VM. I started with creating an account by drilling in from the http://azure.microsoft.com page's "Try it for free" link. I successfully created an account and can see the admin console at https://portal.azure.com. I then installed the latest node.js based CLI (0.10.1 on Mac OS X).

I downloaded a .publishsettings file using azure account download and successfully loaded it with azure account import. I can now see my account when I azure account list (the name is "Free Trial" and Current is "true").

I then put the CLI into resource manager mode via azure config mode arm. This is because my goal is to create my basic VM using this 101-vm-simple-linux resource manager template. To do so, I am following along with the instructions at Resource Manager template walkthrough.

My attempts to use the azure command line tool yield this error:

Your current subscription was likely created from a publishsettings file and will not work under arm mode. You can fix it by running either 'azure login' or 'azure accout set'

When I do as requested, I get essentially the same error message from the login command itself:

% azure login -u 'the account id I just signed up with' info: Executing command login Password: *************** Authenticating... error: Interactive login is required. Use 'azure login' to interactively login. info: Error information has been recorded to /Users/kent/.azure/azure.err error: login command failed

Can somebody tell me how I can successfully login with the Azure CLI so that I can continue?

3
azureazure-resource-managerazure-cli

3 Answers

1
votes

You will get this error if you are trying to authenticate using the Microsoft Account (such as [email protected]) you used to create your Azure Subscription.

You need to add an organizational user (or service principal) to the Azure Active Directory for your Azure tenant. Instructions on how to do this are available here.

Then, make this user a co-administrator on your subscription. To do this, in the old portal (manage.windowsazure.com), click Settings in the left navigation (located at the very bottom). In the Settings page click on the Administrators tab. Then, click Add at the bottom of the page to add the user you created previously as an administrator on the subscription.

enter image description here

Now, you can use the user identity of this organizational user to sign-in from CLI. For example:

azure login -u [email protected]

More information about this scenario and other ways to authenticate from CLI are available here.

0
votes

Type 'azure login' this will then prompt you with url and device code. Enter that into the website, then you should be able to login with 'azure login -u email-address'

0
votes

I'd like to add to this since --username or -u has multiple uses.

The -u also works with a service principal. Service principals are useful when you have a task running with no user interaction.

With the Azure CLI 2.0 this would work with the following command:

az login --service-principal -u "${clientId}" -p "${clientSecret}" -t "${tenantId}"

You can get these variables by creating an Active Directory application.

Here's the --help output from the Azure CLI 2.0 for the login command:

 Command
    az login: Log in to access Azure subscriptions.

Arguments
    --password -p      : User password or client secret. Will prompt if not given.
    --service-principal: The credential representing a service principal.
    --tenant -t        : The tenant associated with the service principal.
    --username -u      : Organization id or service principal.

Global Arguments
    --debug            : Increase logging verbosity to show all debug logs.
    --help -h          : Show this help message and exit.
    --output -o        : Output format.  Allowed values: json, jsonc, table, tsv.  Default: json.
    --query            : JMESPath query string. See http://jmespath.org/ for more information and
                         examples.
    --verbose          : Increase logging verbosity. Use --debug for full debug logs.

Examples
    Log in interactively.
        az login

    Log in with user name and password. This doesn't work with Microsoft accounts or accounts that
    have two-factor authentication enabled.
        az login -u [email protected] -p VerySecret

    Log in with a service principal.
        az login --service-principal -u http://azure-cli-2016-08-05-14-31-15 -p VerySecret --tenant
        contoso.onmicrosoft.com