When you connect an Azure subscription to MontyCloud using your own Service Principal, MontyCloud asks you for four details on the Service Principal Details step of the Connect Subscription wizard:

1. Azure Tenant ID
2. Service Principal ID
3. Service Principal Secret
4. Service Principal Secret Expiry Date

This guide shows you exactly where to find each value in the Azure Portal and what to paste into MontyCloud.

Before You Begin

You need:

• Access to the Azure Portal
• A Service Principal (App Registration) that has already been created and given the required permissions
• Permission to view App Registration details in your organization (the Application Developer role or higher)

Haven't created your Service Principal yet? Follow the companion guide "How to Create and Set Up a Service Principal for MontyCloud" first. It walks you through creating the Service Principal, giving it the right permissions, and generating a secret. Come back to this guide once that's done.

A note on names: Microsoft renamed Azure Active Directory to Microsoft Entra ID. They are the same service. Depending on when your portal was last updated, you may see either name — the steps below work for both.

1. Azure Tenant ID

Your Tenant ID identifies your organization's directory in Azure.

1. Sign in to the Azure Portal.
2. In the search bar at the top, type Microsoft Entra ID and select it from the results.
3. On the Overview page, find Tenant ID under the Basic information section.
4. Click the copy icon next to the Tenant ID.
5. Paste it into the Azure Tenant ID field in MontyCloud.
   

2. Service Principal ID

Azure calls this the Application (client) ID. It is the same value MontyCloud calls the Service Principal ID.

1. In the Azure Portal, go to Microsoft Entra ID.
2. In the left-hand menu, select App registrations.
3. Select your application from the list.

• If you don't see it, click the All applications tab. (The default view shows only applications you own.)

1. On your application's Overview page, find Application (client) ID.
2. Click the copy icon.
3. Paste it into the Service Principal ID field in MontyCloud.

3. Service Principal Secret

The secret is the password MontyCloud uses to sign in as your Service Principal.

Important: Azure shows a secret's value only once — at the moment you create it. After that, Azure permanently hides the value (it shows as ••••••). You cannot read an existing secret's value back from the portal.

If you already have your secret saved

Use the secret value you copied and saved when the secret was first created. Paste it into the Service Principal Secret field in MontyCloud.

If you don't have the secret value (or you've lost it)

You'll need to create a new secret. A new secret does not cancel your existing ones — they keep working until they expire.

1. In the Azure Portal, go to Microsoft Entra ID → App registrations → select your application.
2. In the left-hand menu, select Certificates & secrets.
3. Open the Client secrets tab.
4. Click + New client secret.
5. Enter a description (for example, MontyCloud onboarding) and choose an expiry period.
6. Click Add.
7. The new secret appears in the list. Copy the value from the *Value* column right away and save it somewhere safe.
8. Paste the copied value into the Service Principal Secret field in MontyCloud.

Copy the secret value immediately. If you leave this page without copying it, the value is hidden for good and you'll have to create another secret.

4. Service Principal Secret Expiry Date

This is the date your secret stops working. MontyCloud uses it to remind you to update the secret before it expires.

1. In the Azure Portal, go to Microsoft Entra ID → App registrations → select your application.
2. In the left-hand menu, select Certificates & secrets.
3. Open the Client secrets tab.
4. Find your secret in the list and look at the Expires column.
5. Enter that date into the Service Principal Secret Expiry Date field in MontyCloud.

Date format: MontyCloud uses MM/DD/YYYY (month / day / year) for this field — for example, 03/13/2026 means 13 March 2026. If you're used to the day/month/year format common in Europe, double-check the order before you submit.

If you have more than one secret listed, make sure the expiry date you enter is for the same secret whose value you provided in Section 3.

Quick Reference

Once all four fields are filled in, click Validate Credentials in MontyCloud to confirm everything is correct before continuing.

Troubleshooting

"My secret shows `••••••` — I can't see the value." - Azure hides secret values after they're created. You can only use a value you saved at creation time. If you've lost it, create a new client secret (see Section 3 above) and copy the value immediately.

"I don't see *App registrations* in the menu." - You need the Application Developer role (or higher) in Microsoft Entra ID. Ask your Azure administrator to grant it.

"I have several secrets — which one do I use?" - Use any secret that hasn't expired. Just make sure the expiry date you enter in MontyCloud matches the secret whose value you're providing.

"Which expiry period should I pick when creating a new secret?" -  Azure offers 6 months, 12 months, 24 months, or a custom period. MontyCloud will remind you before your secret expires so you have time to update it.

"Validation failed after I entered everything."

• Double-check there are no extra spaces before or after the values you pasted.
• Confirm the expiry date matches the correct secret.
• If it still fails, your Service Principal may be missing some required permissions. See the setup guide, "How to Create and Set Up a Service Principal for MontyCloud," to review the permissions, then try again.

Need Help?

If you run into any issues, contact MontyCloud support at support@montycloud.com.