Deploy Orchestrator as PaaS using Powershell Script

How to Install Orchestrator as PaaS using Powershell script?

Create App Service:

From Azure in the search bar type “App Service” and fill-in the template
  • Select a Resource Group, if none available a new one can be created.
  • Give it a name > it must be unique all over the Azure tenants worldwide
  • Select the Runtime Stack, in this case ASP.NET v4.7 as Orchestrator requires .Net 4.7.2+ version
  • Select a Region, in here the Microsoft Datacenter should be choosed for the App Service to be hosted
  • Select an App Service Plan, is used for price charging purposes and can also be used for Scaling:


Click Review + Create > Azure will evaluate the template and if everything is fine the “Create” button can be hit to deploy the App Service.

Create SQL Server and Database:
From Azure in the search bar type SQL Server and fill-in the template:
  • Give it a name to the Database > must be unique over Azure tenants worldwide
  • Give it an admin Username and Password. Remember this information as will be used later on to connect to the SQL Server and will also be included in the Connection String for the Database


Once the SQL Server is created access it to create a new DataBase, which will be used to deploy Orchestrator:

Give it a name and create it.

Next, get the SQL Connection String:
  • In Azure navigate to Azure SQL server and select SQL databases then select the previously created Database:
Once in the Database select Show database connection strings:


Copy it as will be used for the deployment in Azure App Service. In the Connection String the Password will not be disclosed, instead delete the ‘{your_password}' field and add the Database password. Connection string should look like:
Server=tcp:0rchestrator2024.database.windows.net,1433;Initial Catalog=Orchestrator;Persist Security Info=False;User ID=;Password={your_password};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;

Once copied the Connection String, access the previously created App Service > Configuration > New Connection string:
  • Paste the Connection String in the Value field.
  • Name: type Default
  • Type: Select SQLServer


Register the Application in Azure:
Go to Azure Active Directory > App Registrations > New Registration > Give it a name > make sure that “Single Tenant” is selected, unless you would like people from different organizations/Azure Active Directories to also access it > click on register:
  • Copy the Application (Client ID):
  • Create a Client Secret:
Go to the previously created Application (on App registrations) > Certificates & Secrets > New Client Secret:


Give it a name and Select its expiration time > Click Add and copy its value:


Assign a role in the WebApp for the newly created application. To do that, go to WebApp-> Open Access Control(IAM)-> Add Role Assignment -> Search for the application name of the registered app-> Assign the role owner/contributor and save it:




Finally, gather the information to deploy Orchestrator in Azure:
  • Azure Application ID: Can be get from Azure Active Directory > App Registrations > Application client ID
  • Azure Account Password: Can be get from Azure Active Directory > App Registrations > Certificate & Secrets
  • Azure Subscription ID: Go to App Service > check the Subscription ID
  • Azure Account Tenant ID: Go to Azure Active Directory > Properties > Copy the Directory ID
  • Resource Group Name: Could be get from Resource Group Name in Azure or directly from App Service > Resource Group:
  • App Service Name:


Prior to start the deployment from Powershell, add a rule in the SQL Firewall, to allow the Public IP address of the machine to perform changes on SQL:
  • Go to SQL Server in Azure > Set Server Firewall:
  • Add Client IP and save it


As last step build the Powershell command using the specs from here and deploy Orchestrator.