Connections And Credentials

Adding A Connection

How to add a reusable Azure connection to the organization, step by step.

What this page is for

This page walks through adding a reusable Azure connection to the organization, step by step.

When to use it

Use this when:

  • a project will need repeat reviews
  • you want to stop relying on pasted tokens
  • you are setting up a clean, reusable access path for a project

How to do it

Step 1 — Open the connection modal

  1. Go to Connections in the left navigation.
  2. Click New Connection.

The Add Connection modal opens.

[Screenshot: Add Connection modal, step 1]

Step 2 — Fill in the connection details

You will see two sections in the form:

Connection Details

  • Friendly name — give the connection a recognisable label (for example: "Contoso Production"). This is what you will see when selecting a connection in the review modal.

Azure Credentials

  • Tenant ID — the Azure Active Directory tenant ID for the environment.
  • Client ID — the application (client) ID of the service principal.
  • Client Secret — the secret value for the service principal.

All four fields are required. The Next button stays disabled until they are all filled in.

Step 3 — Validate subscriptions

Click Next. Hygiara will:

  1. Authenticate using the credentials you provided.
  2. Discover the subscriptions accessible to the service principal.
  3. Show you the subscription list.

[Screenshot: Add Connection modal, subscriptions step]

Review the subscription list to confirm the service principal has the access you expect.

Step 4 — Configure options

The final step controls optional behaviour for the saved connection.

  • Continuous scanning — enables scheduled weekly scans for this connection.
  • WAF Rule Set — chooses which Well-Architected rules continuous scans use. The selector is searchable and shows whether a rule set contains all rules or a smaller custom set.

[Screenshot: Add Connection modal, options step]

Click Save Connection to finish.

What Hygiara is doing

The validation step is the most important part. Hygiara checks that the supplied credentials can actually authenticate and discover subscriptions. This gives you a clear signal before the next review runs, rather than discovering a credential problem mid-run.

What to expect

Once saved, the connection appears on the Connections page and becomes available in the review modal. It does not automatically queue a review unless you are using the dashboard first-report onboarding path. If continuous scanning is enabled, Hygiara can use the saved options for future scheduled scans.

Common mistakes

  • Adding a connection when a one-off access token would be enough
  • Skipping the validation step and wondering why reviews fail later
  • Using a service principal that has read access to some subscriptions but not others (the connection will validate, but those subscriptions won't appear in scope)
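
To catch the partial-access case before you open the modal, the added example below (not Hygiara's code) performs the same two operations the validation step describes, a client-credentials sign-in and a subscription listing against Azure Resource Manager, then diffs the result against the subscriptions you expect. The environment variable names and the sample subscription IDs are assumptions made for this example.

```python
import json, os, urllib.parse, urllib.request

ARM = "https://management.azure.com"

def get_token(tenant_id, client_id, client_secret):
    """Client-credentials grant for the Azure Resource Manager scope."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret, "scope": f"{ARM}/.default"}).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as resp:
        return json.load(resp)["access_token"]

def list_subscriptions(token):
    """Every subscription the principal can see, following nextLink paging."""
    url, found = f"{ARM}/subscriptions?api-version=2020-01-01", []
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            page = json.load(resp)
        found.extend(page.get("value", []))
        url = page.get("nextLink")
    return found

def scope_gaps(expected_ids, discovered):
    """Diff the subscriptions you intend to review against what was discovered."""
    expected = {e.strip().lower() for e in expected_ids}
    seen = {s["subscriptionId"].lower() for s in discovered}
    enabled = {s["subscriptionId"].lower() for s in discovered if s.get("state") == "Enabled"}
    return {
        "missing": sorted(expected - seen),              # principal cannot see these
        "not_enabled": sorted((expected & seen) - enabled),
        "unexpected": sorted(seen - expected),           # wider access than intended
    }

# Constructed sample data, used when no credentials are set in the environment.
SAMPLE_EXPECTED = ["11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"]
SAMPLE_DISCOVERED = [
    {"subscriptionId": "11111111-1111-1111-1111-111111111111", "state": "Enabled"},
    {"subscriptionId": "33333333-3333-3333-3333-333333333333", "state": "Enabled"},
]

if __name__ == "__main__":
    env = os.environ  # variable names below are assumptions, not Hygiara settings
    if "AZURE_CLIENT_SECRET" in env:
        token = get_token(env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"], env["AZURE_CLIENT_SECRET"])
        expected, subs = env["EXPECTED_SUBSCRIPTION_IDS"].split(","), list_subscriptions(token)
    else:
        expected, subs = SAMPLE_EXPECTED, SAMPLE_DISCOVERED
    print(json.dumps(scope_gaps(expected, subs), indent=2))
```

An empty "missing" list means every subscription you plan to review is visible to the service principal; entries under "unexpected" show access beyond what the connection needs.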

What permissions does the service principal need?

The service principal needs at minimum Reader access at the subscription level for any subscriptions you want to include in reviews.

If you are not sure how to create a service principal or where to find your Tenant ID, Client ID, and Client Secret, see Azure permissions — it covers the full setup step by step.
