Azure installations can be complex due to the amount of effort required to get an Azure API key.

Please follow the guide below carefully in order to link Nova to your Azure account, and remember you can ask our support staff for assistance if needed.


Azure backends currently support service discovery on instances by tag. We will automatically discover any tags you have created, allowing you to select from a dropdown.


Azure connections are challenging due to the large number of settings required. We have a full guide available below.

Get your subscription ID

  1. Go to Subscriptions:

Azure Subscriptions

  1. Copy your Subscription ID and keep that:

Azure Subscription ID

Create an app registration

  1. Go to Azure Active Directory:

Azure Active Directory

  1. Go to App registrations

Azure App Registrations

  1. New registration, remember the name for RBAC permissions

Azure New App Registration

  1. Account Type - Accounts in this organizational directory only

Azure New App Account Type

Get your client and tenant ID

  1. Go to Overview for your new App registration

  2. Find the "Application (client) ID" and keep that

  3. Find the "Directory (tenant) ID" and keep that

Azure Client Tenant ID

Create a certificate/secret pair

  1. Go to certificates and secrets for this registration

Azure Certificates Secrets

  1. Add a New client secret set an appropriate expiry time

Azure Client Secret Add

PLEASE NOTE: When your Secret Key expires you will lose the ability to deploy new nodes. Existing nodes will continue to work. It is recommended to set the expiry time as far out as possible.

  1. Copy the Secret Value and ID immediately, you will not be able to retrieve these at a later stage.

Azure Client Secret Copy

RBAC permissions

  1. Go to Subscriptions

Azure Subscriptions

  1. Select your subscription

Azure Subscription Select

  1. Navigate to Access control (IAM)

Azure Access Control

  1. Click Add role assignment

Azure Add Role Assignment

  1. Select the role to be "Contributor"

In the "Select" box search for your app registration name and select that (it may not show by default).

Azure Select Role Assignment

  1. Click Save

Create a resource group

Now we need to create a Resource Group, Security Group and Virtual Network (Subnet) to deploy our Nova nodes.

Please note that you will have the option to select various regions. It is important that you do the next steps for each region you would like Nova to be able to deploy in.

  1. Select Resource groups

Azure Select Resource Groups

  1. Create a new resource group.

Azure Resource Group

  1. Create a resource group. Select the subscription used earlier. Take note of the Region as this is where your Nova nodes will be deployed. Take note of the Resource Group Name as it will be needed during the cloud connection phase of Nova.

Azure Create Resource Group

  1. Validate your resource group and create.

Create Virtual network

  1. Select your newly-created resource group and create a new resource.

Azure Create Resource

  1. Search for Virtual network and select it.

Azure Virtual Network Search

  1. Click on Create.

Azure Virtual Network Create

  1. Select the resource group and region for the Virtual Network. Note: the region should stay consistent. You can leave the rest of the settings on default and continue by clicking Review + create.

Azure Virtual Network Region

Azure Virtual Network Review

  1. Wait for the validation to pass and click Create.

Azure Virtual Network Validate

  1. Wait for the Virtual Network to start.

Azure Virtual Network Start

Create a network security group

  1. Select your newly created resource group and create a new resource.

Azure Create Resource

  1. Select the Network security group resource.

Azure Select Network Security Group

Azure Create Network Security Group

  1. Select the Resource group and region specified in your Virtual Network.

Azure Network Security Group Region

  1. Select review + create. Wait for validation to finish and click on create. When the deployment is complete you can go to resource group to edit security settings.

Azure Network Security Group Review

Azure Network Security Group Edit

Add SSH access for your Nova nodes

  1. Edit the Security group's Inbound security rules.

Azure Network Security Group Inbound

  1. Create a new inbound rule to allow SSH access to your Nova nodes.

Azure Network Security Group Inbound Add

Note: Add further inbound rules according to your workload

Connect Nova to your Azure resource group

Finally, connect your Nova account to the newly created resource group using the information gathered in the previous steps.

Azure New Cloud Connection

Client ID = Application (client) ID

Azure Client ID 1

Azure Client ID 2

Client Secret = Secret ID value

Azure Client Secret 1

Azure Client Secret 2

Tenant ID = Directory (tenant) ID

Azure Tenant ID 1

Azure Tenant ID 2

Subscription ID = Subscription ID

Azure Subscription ID 1

Azure Subscription ID 2

Resource Group Name = Resource Group Name

Azure Resource Group Name 1

Azure Resource Group Name 2