Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Azure Authentication

Azure CLI

The Azure Command Line Interface (CLI) provides command-line tools for managing Azure resources and services. Official site

curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

Dual Account Setup

BRITA uses a dual-account security model to protect resources and maintain proper access control. As a developer, you will have two separate accounts:

  • Normal Account: kreinwasser@brita.net - Use for daily communication, email, and Microsoft Teams. This account has standard user permissions.
  • Admin Account: adm_kreinwasser@brita.net - Use for Azure CLI operations and infrastructure management. This account has extended permissions on Azure resources you need to work with. This account must be secured with MFA (Multi-Factor Authentication).

Daily Login Workflow

Follow this workflow at the start of each workday or after rebooting your machine:

1. Prepare Your Browser Sessions

Keep your normal browser session (using kreinwasser@brita.net) open for email, Teams, and regular work. You’ll use this session to authenticate with the admin account for Azure CLI.

2. Open a Private Browser Window

Open a private/incognito window in your web browser. This ensures clean session isolation from your normal account and prevents accidental cross-account operations.

3. Login with Admin Account

In the private browser window, navigate to the Azure portal or a login page and authenticate with your admin account:

  • Username: adm_kreinwasser@brita.net
  • Password: Your admin account password
  • MFA: Complete the Multi-Factor Authentication challenge when prompted

Keep this private window open and ready.

4. Authenticate via Azure CLI

In your terminal, initiate the Azure login process:

az login

This command will automatically detect that interactive authentication is available and open a login page in your default (normal) browser.

5. Complete Authentication in Private Window

Since the login page opened in your normal browser, copy the URL from your browser’s address bar and paste it into the address bar of your private browser window (the one where you’re already logged in with adm_kreinwasser@brita.net).

This allows the authentication to complete with your admin account credentials while keeping the session separate from your normal account. Your Azure CLI will now be authenticated with the admin account and ready to use.

Tip: If you find it easier, you can simply navigate to portal.azure.com directly in your private window and log in with your admin account.

6. You’re Ready to Work

Your terminal now has access to Azure resources through the admin account. You can proceed with infrastructure operations, deployments, and other Azure CLI commands.

Important Security Reminders

  • Never log in with your admin account in your normal browser session - Always use a private/incognito window to keep accounts separated
  • MFA is mandatory - Your admin account must have MFA enabled for security
  • Don’t share credentials - Your admin account credentials should be known only to you and securely managed
  • Re-authenticate as needed - If your Azure CLI session expires, repeat the login workflow above

Troubleshooting

If you encounter issues during login:

  1. Clear browser cache - In your private window, clear cookies and cache
  2. Check MFA device - Ensure your MFA device is available and working
  3. Verify account spelling - Double-check that you’re using adm_kreinwasser@brita.net (with “adm_” prefix)
  4. Restart the process - If problems persist, start the workflow from step 1

Session Duration

Azure CLI sessions typically remain valid for extended periods, but you may need to re-authenticate if:

  • Your machine reboots
  • You close your private browser window
  • The session expires due to inactivity
  • Azure security policies require re-authentication

When in doubt, simply repeat the login workflow above.