> ## Documentation Index
> Fetch the complete documentation index at: https://docs.useparagon.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring Managed Azure

> Configure your managed Paragon instance on Azure.

## Overview

[Paragon](https://www.useparagon.com/) allows customers the option of self-hosting Paragon on your own infrastructure. All the resources live in your AWS, Azure, or GCP, and data never leaves your cloud.

We additionally offer a Managed On-Premise solution that almost 100% of our on-prem customers use at no additional cost. In this model, our enterprise team will take care of deploying, configuring, and managing your installation to offload 100% of developer time while providing the security and transparency of owning the resources and confidence that other resources in your Azure account are inaccessible.

### Security

We use the principle of least privileged access to grant the Paragon installer the access it needs to create and manage resources in your account. For Azure customers, we recommend a combination of Azure Tenants, Azure Subscriptions, and RBAC (role-based access control). With this method:

* a new tenant is created on your Azure account with resources created belonging to that tenant and separate from all other resources
* a new subscription is created to associate all Paragon resources created within that tenant
* a role is created to manage resources in the subscription for that tenant and provided to the installer

Using this method, extra redundancies are put in place that ensures Paragon can only interact with the intended resources while providing a means for you to transparently view all resources created, separate billing to manage the resources while being connected to a parent account, and have super user access for all resources created.

## Setup

We’ll need 4 values to install Paragon.

* Tenant Id
* Subscription Id
* Client Id
* Client Secret

### Directions

1. Login to your Azure portal as an admin.

2. Create a tenant.

   a. Search `Azure Active Directory` in the search bar, navigate to your **Azure Active Directory**, and click the **Manage tenants** tab.

   b. Click **+ Create.**

   c. Select **Azure Active Directory** as the tenant type in the **Basics** tab.

   d. Click the **Configuration** tab.

   e. Enter `Paragon` as the Organization name.

   f. Enter a domain name with `paragon` and your organization’s name, i.e. `paragongoogle`. The domain must be alphanumeric.

   g. Click the **Review + create** tab.

   h. Click the **Create** button to create the tenant.

   i. Search `Azure Active Directory` in the search bar, navigate to your **Azure Active Directory**.

   j. ⭐️ Copy the text in the *Overview* section next to *Tenant ID*. This is the **Tenant Id.** ⭐️

3. Create a subscription under the tenant.

   a. Switch to your default Azure directory. You can do this by clicking your account in the top right corner and clicking **Switch directory.**

   b. Search `Subscriptions` in the search bar, and navigate to your **Subscriptions**.

   c. Click **+Add**

   d. In the **Basics** tab, enter `Paragon` for the Subscription name.

   e. Click the **Advanced** tab and select the new tenant you created for the Subscription directory.

   f. Click the **Review + create** tab.

   g. Confirm the name of the subscription is correct in the *Basics* section and the correct tenant is selected in the *Advanced* section.

   h. Click **Create**.

   i. ⭐️ Copy the id of the subscription. This is the **Subscription Id.** ⭐️

4. Create credentials for the Paragon installer.

   a. Switch to the new Paragon directory. You can do this by clicking your account in the top right corner and clicking **Switch directory.**

   b. Search `Azure Active Directory` in the search bar, navigate to your **Azure Active Directory**, and click the **App registrations** tab.

   c. Click **+ New registration.**

   d. Enter `Paragon Installer` for the name of the application.

   e. Select `Accounts in this organizational directory only` for the access type.

   f. Leave the *Redirect URI (optional)* field empty.

   g. Click **Create** to create the application.

   h. ⭐️ Save the text next to *Application (client) ID*. This is the **Client Id**. ⭐️

   i. Click **Add a certificate or secret** next to *Client credentials*.

   j. Click **+ New client secret** to create a new secret.

   k. Enter `Paragon Installer` for the description.

   l. Select `24 months` for *Expires.*

   m. Click **Add** to create the secret.

   n. ⭐️ Save the text under the *Value* column. This is the **Client Secret**. ⭐️

5. Give the new *Paragon Installer* application access to manage the newly created subscription.

   a. Search `Subscriptions` in the search bar, and navigate to your **Subscriptions**.

   b. Click the newly created *Paragon* subscription.

   c. Click **Access control (IAM)** in the left sidebar.

   d. Click **+ Add** and select **Add role assignment**.

   e. Search `Contributor` and click **View** on the right side.

   f. Click **Select role** at the bottom of the sidebar that opened.

   g. Click the **Members** tab and click **+ Select members**.

   h. Search `Paragon Installer` and select the application.

   i. Click the **Select** button at the bottom of the sidebar.

   j. Click **Review + assign** to assign the role.

## Next Steps

Once all of this is done, provide us with these four values, and we’ll set up your installation!

If you have any questions, email [enterprise@useparagon.com](mailto:enterprise@useparagon.com) for help.