When you connect an Azure subscription to MontyCloud using your own Service Principal, MontyCloud asks you for four details on the Service Principal Details step of the Connect Subscription wizard:

  1. Azure Tenant ID
  2. Service Principal ID
  3. Service Principal Secret
  4. Service Principal Secret Expiry Date

This guide shows you exactly where to find each value in the Azure Portal and what to paste into MontyCloud.

 

Pre-requisites

  • Access to the Azure Portal
  • A Service Principal (App Registration) that has already been created and given the required permissions
  • Permission to view App Registration details in your organization (the Application Developer role or higher)


Haven't created your Service Principal yet? Follow the companion guide How to Create and Set Up a Service Principal for MontyCloud to understand Service Principal, right permissions, and generating a secret. 


Note: Microsoft renamed Azure Active Directory to Microsoft Entra ID. They are the same service. Depending on when your portal was last updated, you may see either name — the actions below work for both.

 

1. Azure Tenant ID

Your Tenant ID identifies your organization's directory in Azure.

  1. Sign in to the Azure Portal.
  2. Type and select Microsoft Entra ID.
  3. On the Overview page, find Tenant ID under the Basic information section.
  4. Copy and paste the Tenant ID into the Azure Tenant ID option in MontyCloud.

 

2. Service Principal ID

Azure terms this the Application (client) ID. It is the same value MontyCloud terms as the Service Principal ID.

  1. In the Azure Portal, go to Microsoft Entra ID.
  2. In the left-hand menu, select App registrations.
  3. Select your application from the list. If the application is not listed, select the All applications tab. (The default view displays only applications you own.)
  4. Select Overview > Application (client) ID.
  5. Select copy and paste the Service Principal ID in MontyCloud.

 

3. Service Principal Secret

The secret is the password MontyCloud uses to sign in as your Service Principal.

Important: Azure shows a secret's value only once — at the moment you create it. After that, Azure permanently hides the value (it shows as ••••••). You cannot read an existing secret's value back from the portal.

If you already have your secret saved

Use the secret value you copied and saved when the secret was first created. Paste it into the Service Principal Secret field in MontyCloud.

If you do not have the secret value or lost it

You must create a new secret. A new secret does not cancel your existing ones — they keep working until they expire.

  1. In the Azure Portal, go to Microsoft Entra IDApp registrations → select your application.
  2. Select Certificates & secrets > Client secrets tab.
  3. Select + New client secret.
  4. Enter a description (for example, MontyCloud onboarding) and choose an expiry period.
  5. Select Add.
  6. The new secret appears in the list. Copy the value from the *Value* column right away and save it somewhere safe.
  7. Paste the copied value into the Service Principal Secret field in MontyCloud.

Copy the secret value immediately. If you leave this page without copying it, the value is hidden for good and you'll have to create another secret.


4. Service Principal Secret Expiry Date

This is the date your secret stops working. MontyCloud uses it to remind you to update the secret before it expires.

  1. In the Azure Portal, go to Microsoft Entra ID > App registrations > select your application.
  2. Select Certificates & secrets > Client secrets tab.
  3. Find your secret in the list and look at the Expires column.
  4. Enter that date into the Service Principal Secret Expiry Date field in MontyCloud.

Date format: MontyCloud uses MM/DD/YYYY (month / day / year) for this field — for example, 03/13/2026 means 13 March 2026. If you use the DD/MM/YYYY format common in Europe, double-check the order before you submit.

If you have more than one secret listed, make sure the expiry date you enter is for the same secret whose value you provided in Section 3.

 

Quick Reference

MontyCloud Field

Where to Find It in the Azure Portal

Azure Tenant ID

Microsoft Entra ID → Overview → Tenant ID

Service Principal ID

Microsoft Entra ID → App registrations → [your app] → Overview → Application (client) ID

Service Principal Secret

Microsoft Entra ID → App registrations → [your app] → Certificates & secrets → Client secrets → Value (shown only when first created)

Service Principal Secret Expiry Date

Microsoft Entra ID → App registrations → [your app] → Certificates & secrets → Client secrets → Expires

 

Select Validate Credentials in MontyCloud to confirm the correctness of data.

 

Troubleshooting

"My secret shows `••••••` — I can't see the value." - Azure hides secret values after they're created. You can only use a value you saved at creation time. If you've lost it, create a new client secret (see Section 3 above) and copy the value immediately.

"I don't see *App registrations* in the menu." - You need the Application Developer role (or higher) in Microsoft Entra ID. Ask your Azure administrator to grant it.

"I have several secrets — which one do I use?" - Use any secret that hasn't expired. Just make sure the expiry date you enter in MontyCloud matches the secret whose value you're providing.

"Which expiry period should I pick when creating a new secret?" -  Azure offers 6 months, 12 months, 24 months, or a custom period. MontyCloud will remind you before your secret expires so you have time to update it.

"Validation failed after I entered everything."

  • Double-check there are no extra spaces before or after the values you pasted.
  • Confirm the expiry date matches the correct secret.
  • If it still fails, your Service Principal may be missing some required permissions. Follow the companion guide How to Create and Set Up a Service Principal for MontyCloud to review the permissions, then try again.

 

Need Help?

If you run into any issues, contact MontyCloud support at support@montycloud.com.