How to Enable Developer Portal in Azure Portal

To enable the Developer Portal in the Azure Portal, you'll need to create a new instance of the Developer Portal. This can be done by navigating to the Azure Portal and clicking on the "Marketplace" button.

The Developer Portal is a customizable web application that allows developers to access and manage APIs, documentation, and other resources.

To create a new instance, click on the "Create" button and search for "Developer Portal" in the marketplace. Select the "Developer Portal" option and click on the "Create" button to begin the setup process.

You can then configure the settings for your Developer Portal, such as the instance name, resource group, and location.

To enable the developer portal in Azure Portal, you'll need to meet some essential prerequisites.

First and foremost, you'll need an Azure DevOps service principal with the necessary permissions to create and manage resources in Azure. This service principal should be equipped with the right permissions to get the job done.

To be more specific, this service principal should have at least the following permissions:

To set up app registration, you'll need to create an app registration with PowerShell and grant it the necessary permissions to access the API Management service. This is the first step in enabling the Developer Portal.

You can configure the Developer Portal to use Microsoft Entra ID by creating an app registration. This will allow users to sign in with their Microsoft Entra account.

To create the app registration, you'll need to use the following Bicep code to add the Aad identity provider to the API Management service. This will enable the Developer Portal to use Microsoft Entra ID for authentication and authorization.

Here are the steps to manually enable Microsoft Entra application and identity provider:

To complete the app registration, you'll need to register an app in Active Directory. This will give you the Application (client) ID, which you'll need to paste into the Client ID box in the Add identity provider window.

You'll also need to create a client secret, which you'll use to authenticate the app registration. To do this, select the New client secret button under Client secrets and copy the client secret value before leaving the page.

To enable the Developer Portal in Azure Portal, you'll need to set up the app registration for the Developer Portal. This involves using Azure Active Directory (Azure AD / Microsoft Entra ID) for authentication and authorization.

You can configure the Developer Portal to use Microsoft Entra ID by creating an app registration with PowerShell and granting it the necessary permissions to access the API Management service.

To register the app registration with the API Management service, you'll need to use Bicep code to add the Aad identity provider to the API Management service. This will enable the Developer Portal.

The app registration needs to be registered with the API Management service to enable the Developer Portal.

To enable the developer portal in the Azure portal, you need to set up a developer portal instance. You can do this by going to the Azure portal and navigating to the Developer Portal section.

First, create a new instance of the developer portal by clicking on the "New" button. This will prompt you to select the subscription and resource group for your new instance.

Choose a subscription and resource group for your developer portal instance, and then click on the "Review + create" button to review the settings.

In the "Review + create" section, review the settings for your developer portal instance, including the instance name, resource group, and subscription.

Once you're satisfied with the settings, click on the "Create" button to create the developer portal instance.

After creating the developer portal instance, navigate to the "Overview" section to view the instance's details, including the instance name, resource group, and subscription.

You can also view the instance's resource usage and costs in the "Usage + estimates" section.

To manage the developer portal instance, navigate to the "Settings" section and click on the "Developer portal settings" button.

In the "Developer portal settings" section, you can configure settings such as the instance name, resource group, and subscription.

To enable a secure developer portal, you can require users to sign in to access the portal. By default, the portal enables anonymous access, but you can change this setting to require users to sign in.

You have several options for user sign-up and sign-in, including basic authentication with API Management user accounts, Microsoft Entra ID or Azure AD B2C accounts, or delegating authentication to an existing website.

To simplify the configuration, API Management can automatically enable a Microsoft Entra application and identity provider for users of the developer portal. Alternatively, you can manually enable the Microsoft Entra application and identity provider.

Here are the steps to manually enable Microsoft Entra application and identity provider:

After enabling the Microsoft Entra application and identity provider, users in the specified Microsoft Entra tenant(s) can sign into the developer portal by using a Microsoft Entra account.

Creating a client secret is a crucial step in authenticating with the API Management service. You can use the following command to create a client secret for the app registration.

To create a client secret, you'll need to register an app in Active Directory. This involves navigating to App registrations in the Azure portal and selecting New registration.

The Register an application page has specific values to set: Application name, Redirect URI, and Supported account types. Make sure to set these values correctly.

After registering the application, copy the Application (client) ID from the Overview page. This will be used later in the process.

You can manage the Microsoft Entra configuration on the Developer portal > Identities page in the portal. This is where you can update the Client secret before it expires.

Here's a summary of the steps to create a client secret:

Implementing a content security policy is a crucial step in securing your developer portal. Enabling a content security policy helps mitigate certain types of attacks including cross-site scripting and data injection.

You can enable a content security policy by navigating to your API Management instance in the Azure portal. In the left menu, under Developer portal, select Portal settings.

To do this, follow these steps:

By specifying trusted locations, you can allow the developer portal to load resources from your corporate website or other trusted domains.

User authentication is a crucial aspect of security, and the developer portal offers several options to manage user sign-up and sign-in.

By default, the developer portal enables anonymous access, but you can require users to sign in to access the portal by enabling a website setting.

There are three options for user sign-up and sign-in: basic authentication using API Management user accounts, requiring users to sign up or sign in with a Microsoft Entra ID or Azure AD B2C account, or delegating authentication to an existing website.

You can enable user sign-in using Microsoft Entra ID, which simplifies the configuration process.

To do this, navigate to the Portal overview page and select Enable user sign-in with Microsoft Entra ID.

Alternatively, you can manually enable the Microsoft Entra application and identity provider.

After enabling Microsoft Entra, users in the specified instance can sign into the developer portal using their Microsoft Entra account.

You can manage the Microsoft Entra configuration on the Identities page in the portal.

Here are the steps to manually enable Microsoft Entra:

By following these steps, you can enable user sign-in using Microsoft Entra ID and manage the configuration on the Identities page.

You can control what developers see on your developer portal by managing groups of users and applying visibility and access controls. This allows you to make certain products and APIs visible only to specific groups of developers.

To manage visibility and access, you can use built-in groups or create custom groups to suit your needs. Products are first made visible to groups, and then developers in those groups can view and subscribe to the products associated with the groups.

You can also control how other portal content appears to different users based on their identity. For example, you might want to display certain pages only to users who have access to a specific product or API.

Visibility and access controls are supported only in the managed developer portal, not in the self-hosted portal.

To control access to specific pages or elements, select the gear icon next to the page name on the Pages tab to edit the settings, or select the Change access icon when editing page content.

The developer portal automatically hides buttons or navigation items that point to pages a user doesn't have access to, and attempts to access unauthorized pages result in a 404 Not Found error.

Here are some key steps to control access: