superplanehq · Tamiru-Alemnew · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
diff --git a/docs/components/Microsoft Azure.mdx b/docs/components/Microsoft Azure.mdx
@@ -0,0 +1,203 @@
+---
+title: "Microsoft Azure"
+---
+
+Manage and automate Microsoft Azure resources and services
+
+## Triggers
+
+<CardGrid>
+  <LinkCard title="Azure • On VM Created" href="#azure-•-on-vm-created" description="Triggers when a new Virtual Machine is successfully provisioned in Azure" />
+</CardGrid>
+
+import { CardGrid, LinkCard } from "@astrojs/starlight/components";
+
+## Actions
+
+<CardGrid>
+  <LinkCard title="Azure • Create Virtual Machine" href="#azure-•-create-virtual-machine" description="Creates a new Azure Virtual Machine with the specified configuration" />
+</CardGrid>
+
+## Instructions
+
+## Azure Workload Identity Federation Setup
+
+To connect SuperPlane to Microsoft Azure using Workload Identity Federation:
+
+### 1. Create or Select an App Registration
+
+1. Go to **Azure Portal** → **Azure Active Directory** → **App registrations**
+2. Create a new registration or select an existing app
+3. Note the **Application (client) ID** and **Directory (tenant) ID**
+
+### 2. Configure Federated Identity Credential
+
+1. In your app registration, go to **Certificates & secrets** → **Federated credentials**
+2. Click **Add credential**
+3. Select **Other issuer**
+4. Configure the credential:
+   - **Issuer**: The SuperPlane OIDC issuer URL (provided after creation)
+   - **Subject identifier**: `app-installation:<integration-id>` (provided after creation)
+   - **Audience**: The integration ID (provided after creation)
+   - **Name**: `superplane-integration` (or any descriptive name)
+
+### 3. Grant Required Permissions
+
+Assign appropriate Azure RBAC roles to your app registration:
+
+- **Virtual Machine Contributor** - For VM management
+- **Network Contributor** - For network resource management
+- **Storage Account Contributor** - For storage operations (if needed)
+- **EventGrid Contributor** - For Event Grid subscriptions
+
+You can assign these roles at the subscription or resource group level.
+
+### 4. Complete the Connection
+
+Enter the following information below:
+- **Tenant ID**: Your Azure AD tenant ID
+- **Client ID**: Your app registration's client ID
+- **Subscription ID**: Your Azure subscription ID
+
+SuperPlane will use Workload Identity Federation to authenticate without storing any credentials.
+
+<a id="azure-•-on-vm-created"></a>
+
+## Azure • On VM Created
+
+The On VM Created trigger starts a workflow execution when a new Azure Virtual Machine is successfully provisioned.
+
+### Use Cases
+
+- **Automated configuration**: Run configuration scripts on newly created VMs
+- **Compliance checks**: Verify that new VMs meet security and compliance requirements
+- **Inventory tracking**: Update external inventory systems when VMs are created
+- **Notification workflows**: Send notifications to teams when new VMs are provisioned
+- **Cost tracking**: Log VM creation events for cost analysis and reporting
+
+### How It Works
+
+This trigger listens to Azure Event Grid events for Virtual Machine resource write operations.
+When a VM is successfully created (`provisioningState: Succeeded`), the trigger fires and
+provides detailed information about the new VM.
+
+### Configuration
+
+- **Resource Group** (optional): Filter events to only trigger for VMs created in a specific
+  resource group. Leave empty to trigger for all resource groups in the subscription.
+
+### Event Data
+
+Each VM creation event includes:
+
+- **vmName**: The name of the created virtual machine
+- **vmId**: The full Azure resource ID of the VM
+- **resourceGroup**: The resource group containing the VM
+- **subscriptionId**: The Azure subscription ID
+- **location**: The Azure region where the VM was created
+- **provisioningState**: The provisioning state (typically "Succeeded")
+- **timestamp**: The timestamp when the event occurred
+
+### Azure Event Grid Setup
+
+**Important**: This trigger requires manual setup of an Azure Event Grid subscription.
+
+1. **Create an Event Grid System Topic** (if not already created):
+   - Go to Azure Portal → Event Grid System Topics
+   - Create a new topic for your subscription
+   - Topic Type: "Azure Subscriptions"
+   - Select your subscription
+
+2. **Create an Event Subscription**:
+   - In your Event Grid System Topic, create a new Event Subscription
+   - **Event Types**: Select "Resource Write Success"
+   - **Filters**: 
+     - Subject begins with: `/subscriptions/<subscription-id>/resourceGroups/`
+     - Subject ends with: `/providers/Microsoft.Compute/virtualMachines/`
+   - **Endpoint Type**: Webhook
+   - **Endpoint**: Use the webhook URL provided by SuperPlane for this trigger node
+
+3. **Validation**: Azure Event Grid will send a validation event to verify the endpoint.
+   SuperPlane will automatically respond to this validation request.
+
+### Notes
+
+- The trigger only fires for successfully provisioned VMs (`provisioningState: Succeeded`)
+- Failed VM creations do not trigger the workflow
+- The trigger processes events from Azure Event Grid in real-time
+- Multiple triggers can share the same Event Grid subscription if configured correctly
+
+### Example Data
+
+```json
+{
+  "location": "eastus",
+  "operationName": "Microsoft.Compute/virtualMachines/write",
+  "provisioningState": "Succeeded",
+  "resourceGroup": "my-rg",
+  "subscriptionId": "12345678-1234-1234-1234-123456789abc",
+  "timestamp": "2026-02-11T10:30:00Z",
+  "vmId": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachines/my-vm-01",
+  "vmName": "my-vm-01"
+}
+```
+
+<a id="azure-•-create-virtual-machine"></a>
+
+## Azure • Create Virtual Machine
+
+The Create Virtual Machine component creates a new Azure VM with full configuration options.
+
+### Use Cases
+
+- **Infrastructure provisioning**: Automatically create VMs as part of deployment workflows
+- **Development environments**: Spin up temporary VMs for testing and development
+- **Auto-scaling**: Create VMs in response to load or events
+- **Disaster recovery**: Quickly provision replacement VMs
+
+### How It Works
+
+1. Validates the VM configuration parameters
+2. Initiates VM creation via the Azure Compute API
+3. Waits for the VM to be fully provisioned (using Azure's Long-Running Operation pattern)
+4. Returns the VM details including ID, name, and provisioning state
+
+### Configuration
+
+- **Resource Group**: The Azure resource group where the VM will be created
+- **Name**: The name for the new virtual machine
+- **Location**: The Azure region (e.g., "eastus", "westeurope")
+- **Size**: The VM size (e.g., "Standard_B1s", "Standard_D2s_v3")
+- **Admin Username**: Administrator username for the VM
+- **Admin Password**: Administrator password for the VM (must meet Azure complexity requirements)
+- **Network Interface ID**: Optional existing NIC. Leave empty to create NIC from selected VNet/Subnet.
+- **Image**: The OS image to use (publisher, offer, SKU, version)
+
+### Output
+
+Returns the created VM information including:
+- **id**: The Azure resource ID of the VM
+- **name**: The name of the VM
+- **provisioningState**: The provisioning state (typically "Succeeded")
+- **location**: The Azure region where the VM was created
+- **size**: The VM size
+
+### Notes
+
+- The VM creation is a Long-Running Operation (LRO) that typically takes 2-5 minutes
+- The component waits for the VM to be fully provisioned before completing
+- The admin password must meet Azure's complexity requirements (12+ characters, mixed case, numbers, symbols)
+- If Network Interface ID is empty, a NIC is created automatically from the selected VNet/Subnet
+
+### Example Output
+
+```json
+{
+  "id": "/subscriptions/12345678-1234-1234-1234-123456789abc/resourceGroups/my-rg/providers/Microsoft.Compute/virtualMachines/my-vm",
+  "location": "eastus",
+  "name": "my-vm",
+  "provisioningState": "Succeeded",
+  "size": "Standard_B1s"
+}
+```
+
diff --git a/go.mod b/go.mod
@@ -3,6 +3,11 @@ module github.com/superplanehq/superplane
 go 1.25
 
 require (
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0
 	github.com/aws/aws-sdk-go-v2 v1.41.1
 	github.com/bradleyfalzon/ghinstallation/v2 v2.17.0
 	github.com/casbin/casbin/v2 v2.134.0
@@ -43,11 +48,16 @@ require (
 )
 
 require (
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/aws/smithy-go v1.24.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.2 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.38.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.5.0 // indirect

diff --git a/go.sum b/go.sum
@@ -52,21 +52,33 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.1/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.1/go.mod h1:uE9zaUfEQT/nbQjVi2IblCG9iaLtZsuYZ8ne+PuQ02M=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.1.0 h1:zDeQI/PaWztI2tcrGO/9RIMey9NvqYbnyttf/0P3QWM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.1.0/go.mod h1:zflC9v4VfViJrSvcvplqws/yGXVbUEMZi/iHpZdSPWA=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0 h1:2qsIIvxVT+uE6yrNldntJKlLRgxGbZ85kgtz5SNBhMw=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0/go.mod h1:AW8VEadnhw9xox+VaVd9sP7NjzOAnaZBLRH6Tq3cJ38=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0 h1:qBlqTo40ARdI7Pmq+enBiTnejZk2BF+PHgktgG8k3r8=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0/go.mod h1:UmyOatRyQodVpp55Jr5WJmnkmVW4wKfo85uHFmMEjfM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1 h1:MyVTgWR8qd/Jw1Le0NZebGBUCLbtak3bJ3z1OlqZBpw=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.1/go.mod h1:GpPjLhVR9dnUoJMyHWSPy71xY9/lcmpzIPZXmF0FCVY=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=