NOTE: The option to manage cloud accounts is available to Colony Administrators only. 

To allow CloudShell Colony to provision cloud infrastructure on your behalf in your Azure cloud account, you need to grant CloudShell Colony permission to access your Azure account. You can remove this permission at any point directly from your Azure Portal.

Granting CloudShell Colony the permission to access your Azure account is done through a short authentication process, during which CloudShell Colony creates a slim management layer that keeps your data safe.

The authentication process is done by running a shell script, in your Azure account, which creates the following resources:

1. Active Directory Application – This Active Directory application entry has a Contributor role and is configured to access the Azure CLI. It will be used for all communication between CloudShell Colony and your Azure account.
2. Storage Account – This storage account is used for keeping your virtual machines safe. CloudShell Colony uses it to store certificates that are required in order to access your virtual machines. The certificates are kept only in your own account. 
3. Managed identity – This managed identity provides the Sidecar component with secured access to Azure services. 

NOTE: Part of the following procedure is performed in Azure Portal.

To add an Azure cloud account:

1. In the Administration area, click the Cloud Accounts tab.
2. Click +Add Cloud Account. 
3. Select Azure. 
4. Login to the Microsoft Azure Portal with your administrator permissions and do the following:
   1. From the Azure top-right navigation pane, launch CloudShell to run Azure’s interactive shell.
      The Shell pane opens.
   2. If this is the first time you are running CloudShell, follow Azure’s instructions and create a storage account.
   3. In CloudShell, click the dropdown menu and select the Bash environment.
   4. Copy the following shell commands, paste them into Azure's shell, and then press Enter on your keyboard:
      

      curl https://raw.githubusercontent.com/cloudshell-colony/setup/master/production/azure.sh  > colony.sh && 
      chmod +x colony.sh && 
      ./colony.sh

      The script is running. Please wait until it completes and a token is provided.

   5. Copy the token to your clipboard. 
5. Return to CloudShell Colony's tab and do the following:
   1. Enter a name for the cloud account in the Cloud Account Name field.
   2. Paste the copied token into the Token field. 
6. Click Authenticate. 

Deleting an Azure Cloud Account

You can remove CloudShell Colony's permission to access your Azure account at any time, directly from your Azure Portal. To learn how to delete your Azure cloud account, see Deleting your Azure Cloud Account.