If you’re like me and you sign into Azure using your Microsoft account (MSA) then you’ll need an organization account to login to the Azure CLI for managing new Azure functionality (the good ol azure account import with a .publishsettings file doesn’t work for that stuff).
Fortunately, creating one of these is easy.
Start by going to the Azure Legacy Portal and navigating to Azure Active Directory (it should be near the bottom).
You should see a default directory that has been created for you. If not, create one.
Select your default directory, and go to Users at the top.
You should see your own user account there, and it will most likely say it’s a Microsoft Account.
On the bottom bar click the “Add User” button and the add user menu will come up.
Enter the following information to create the user (substituting where appropriate)
- For “Type of User” select “New user in your organization”
- Select a user name that describes the purpose, and a domain for the user. I used the default domain created for your Azure account which will look like `<somethingLikeYourEmail>@onmicrosoft.com`
- Enter in a name for the user. I Just used “CLI” and “User”
- Select the Role. I was using this user to login to the Azure CLI to manage the subscription, so I selected “Service Admin”
- Get a temporary password for the user, copy it somewhere, and then click the checkmark to create the user.
Management permissions
If you plan on using this user to manage your subscription then you’ll have to assign them to it. To do this go to “Settings” at the very bottom left of the Azure management site.
Go to the “Administrators” tab along the top, and select “Add” at the bottom. Type in the email address of the user you created (it should look something like <userName>@<somethingLikeYourEmail>.onmicrosoft.com). When you add it you should see the active directory icon pop up. Click the checkmark to save.
The last step to using the user in your CLI is to sign in once from the browser, as the user is created with a temporary password. In another browser, or in a private browser window go to the https://portal.azure.com and sign in as the user using the email address and password created for you. You’ll be prompted to change the password.
Login to the Azure CLI
Now you’re finally ready to login to the Azure CLI with your ORGID account!
Simply use the azure login command with your new email address, enter your password, and you’re set!
azure login -u "<new account email>"
[…] that you will need to be logged into an Azure ORGID Account in the Azure CLI, and the CLI must be in resource manager mode. To do this […]