This article provides information for Sitecore users or partners on how to request access to Microsoft Azure Cloud resources, their types, and restrictions in Sitecore Managed Cloud.
The following information might be required to submit a request:
- Information about the slot.
- Information about the deployment.
- User data, and mailboxes for specialists who need to give or remove access.
Important note: Access is not granted for non-corporate mailboxes according to the Sitecore access policy.
There are currently 2 types of architecture that you can access upon request in this section, such as:
- Sitecore Managed Cloud Web Applications architecture
- Sitecore Managed Cloud Containers architecture
- Access to Azure infrastructure for Technical Specialists:
- Access to Resource Group level with Contributor role.
It grants full access to manage all resources but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints and no access to Azure Cost Management.
- Access to a subscription with Reader role.
It allows viewing all resources but does not allow making any changes and access to Azure Cost Management.
- Access to Azure infrastructure for Service Principal:
You can assign a particular role to access Azure resources for service principals for easier automation of code deployment and other operations. Customers might request a Service Principal with the Contributor role on the Resource Group level to use it for different automation scenarios:
- Non-interactive login for automation scripts
- Azure DevOps authorization
- Other automation and CI/CD tools authorization
Note that credentials for connection and operation of the Service Principal are provided in your request after it has been completed by a Sitecore engineer.
When requesting the Sitecore Managed Cloud Containers environment in Sitecore Support and Self-Service Portal, it is required to identify your users for the three different security roles by specifying their email addresses. Sitecore assigns the relevant access rights for each role. For users to develop for and manage Managed Cloud deployments, they must be assigned one of the following security roles for that Sitecore Managed Cloud deployment:
- DevOps engineer
- System administrator
- Developer.
For more details on the differences between roles, refer to The Managed Cloud security roles.
Notes:
- You can assign a particular role to access Azure resources for people in your or your partner's organization.
- For more than 10 email addresses, it is required to submit another service request.
- When requesting access for a user with a Sitecore email address, it should be submitted separately. Email addresses using the Sitecore domain (like xyz@sitecore.com) cannot be combined with other email domains and must therefore be submitted via a separate service request.