1.0 Introduction
This article describes how to create, manage, and execute Workflows using Azure Confidential Instances (ACI) application in Fortanix Confidential Computing Manager (CCM). It explains how to use the RUN button in the workflow to start application jobs and monitor them. 
2.0 Execute the ACI Application using Azure Service Principal
This section describes how to execute an ACI application in Fortanix CCM using a compute cluster configured with an Azure Service Principal. 
2.1 Prerequisites
Before executing workflows, ensure that compute clusters are configured in Fortanix CCM. A compute cluster is a collection of worker nodes that run containerized applications and is required to execute workflows in Fortanix CCM.
For more information about configuring compute clusters in Fortanix CCM using Azure Service Principal authentication, refer to Section 3.0: Configure the Cluster using Azure Service Principal.
2.2 Create a Cluster
Ensure that a compute cluster is configured in Fortanix CCM using Azure Service Principal authentication. This compute cluster is required to execute workflows in Fortanix CCM.
For more information about configuring a compute cluster using Azure Service Principal authentication, refer to Azure Service Principal with Fortanix Confidential Computing Manager.
3.0 Configure the Cluster using Azure Service Principal
Perform the following steps to configure a compute cluster using Azure Service Principal authentication:
In the CCM user interface (UI) left navigation panel, click Infrastructure → COMPUTE CLUSTERS, and then click ADD CLUSTER to create a compute cluster.
(1).png?sv=2026-02-06&spr=https&st=2026-06-26T18%3A19%3A26Z&se=2026-06-26T18%3A32%3A26Z&sr=c&sp=r&sig=lG0b5PLN8yzRkDBAspDx6MluD%2FQ25d7Qa1V8%2BMoi36A%3D)
Figure 1: Add compute cluster
In the Add Cluster form:
Cluster name: Enter a name for the compute cluster.
Description: Enter a brief description of the cluster.
Type: Select ACI via Service Principal.
Location: Select the Azure region where the deployment will occur. If the required region is not available in the list, select Other and manually enter the region.
ACI configuration:
APP ID: Enter the Azure Active Directory application ID (client ID) used to identify the application.
APP Passcode: Enter the application secret used for authentication.
Tenant ID: Enter the unique identifier of the Azure Active Directory instance (Directory ID).
Subscription: Enter the subscription ID under which the Azure resources are managed.
Resource Group: Enter the Azure resource group used to manage container instances and deployments.
Click ADD CLUSTER to create the compute cluster.
After the cluster is created, it is available for executing workflows that use Azure Service Principal–based compute resources.
4.0 Configure the ACI Application Workflow
Ensure that you have created a workflow using ACI app in the Fortanix CCM UI. For more information, refer to Create, Update, Clone, and Delete Workflows.
Perform the following steps to configure the workflow:
In CCM UI left navigation panel, click Workflows → Approved.
From the list of approved workflows, select a workflow that contains a single application, as Fortanix CCM supports only single-job deployments.
In the workflow details page, RUN remains disabled until the Azure account and deployment location are configured. Click the Settings icon to configure these settings and enable RUN.
In the RUN WORKFLOW form:
Deployment Type: Select Azure Confidential Instances (Single Job) from the drop down menu.
Azure account: Select the configured compute cluster from the drop down menu.
Location: Select the Azure region where the workflow will be deployed.
Click SAVE CONFIGURATION to apply the configuration changes.
After the configuration is saved, RUN becomes enabled.
5.0 Run the ACI Application Workflow
Before running the workflow, ensure that an Image Registry is configured in Fortanix CCM. For more information, refer to Application Build Registry.
A registry containing the application image used in the workflow must be configured in the Fortanix CCM account. During workflow execution, the registry credentials are passed to Azure Container Instances (ACI) to pull the application image.
Perform the following steps to run the ACI workflow application:
Configure the image pull secret.
On the workflow details page, click RUN.
In the RUN WORKFLOW dialog box, verify all configuration parameters, and then click RUN to start workflow execution.
A running indicator appears at the bottom of the workflow page.
Observe the running indicator at the bottom of the workflow.
NOTE
The workflow execution status is not updated in real time. Click the Refresh icon to retrieve the latest execution status from the cluster.
To stop workflow execution, click STOP. RUN becomes enabled again after execution stops.
After successful execution, the execution status appears in the EXECUTION LOG section.
Click View detail to view detailed log information.
The EXECUTION LOG dialog box provides complete execution details. You can also download the log using DOWNLOAD.
NOTE
Executing workflows containing more than one application is not supported in this release. Fortanix CCM supports execution of workflows containing a single application only.
You can also access the generated CSV output file to verify the workflow output data.