
Prepare for authentication

You can configure Shared Key, Managed Identity, and Service Principal authentication types to access Microsoft Azure Data Lake Storage Gen2.
Before you configure the authentication, you must create a storage account to use with Microsoft Azure Data Lake Storage Gen2 and create a blob container in the storage account. You can use role-based access control or access control lists to authorize the users to access the resources in the storage account.
You must also register an application in Azure Active Directory to authenticate users to access the Microsoft Azure Data Lake Storage Gen2 account. You can use role-based access control or access control lists to authorize the application.
You must also create an Azure Active Directory web application for service-to-service authentication with Microsoft Azure Data Lake Storage Gen2 and ensure that you have superuser privileges to access the folders or files created in the application.
For more information about these prerequisite tasks, see the Informatica How-To Library article, Prerequisites to create a Microsoft Azure Data Lake Storage Gen2 connection.
After you complete the prerequisite tasks, you need to keep the authentication details handy based on the authentication type that you want to use:

Managed identity authentication

Managed Identity authentication uses managed identities in Azure Active Directory to authenticate and authorize access to Azure resources securely.
Before you use managed identity authentication to connect to Microsoft Azure Data Lake Storage Gen2, complete the following prerequisites:
  1. Create an Azure virtual machine.
  2. Install the Secure Agent on the Azure virtual machine.
  3. Enable system assigned identity or user assigned identity for the Azure virtual machine.
     If you enable both and do not specify the client ID, the system assigned identity is used for authentication.
  4. After you add or remove a managed identity, restart the Azure virtual machine.
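
The following check is an added example, not part of the original Informatica documentation: run on the virtual machine after the restart, it requests a storage token from the Azure Instance Metadata Service (IMDS) and reports whether the system assigned identity or a user assigned identity answered. The IMDS endpoint, API version, storage resource URI, and the `xms_mirid` token claim are Azure conventions assumed here, not values taken from this page.

```python
import base64
import json
import urllib.parse
import urllib.request

# Azure IMDS token endpoint and storage audience (assumed Azure values, not from this page).
IMDS = "http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE = "https://storage.azure.com/"
USER_ASSIGNED_MARKER = "/providers/microsoft.managedidentity/userassignedidentities/"


def build_imds_url(client_id=None):
    """Token request URL; with no client_id, IMDS selects the system assigned identity."""
    params = {"api-version": "2018-02-01", "resource": STORAGE_RESOURCE}
    if client_id:
        params["client_id"] = client_id
    return IMDS + "?" + urllib.parse.urlencode(params)


def decode_claims(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def identity_kind(claims):
    """Classify the identity from xms_mirid, the Azure resource ID behind the token."""
    mirid = claims.get("xms_mirid", "").lower()
    if not mirid:
        return "unknown"
    return "user-assigned" if USER_ASSIGNED_MARKER in mirid else "system-assigned"


def fetch_claims(client_id=None, timeout=5):
    """Works only on the VM itself: IMDS is link-local and requires the Metadata header."""
    req = urllib.request.Request(build_imds_url(client_id), headers={"Metadata": "true"})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies
    with opener.open(req, timeout=timeout) as resp:
        return decode_claims(json.load(resp)["access_token"])


if __name__ == "__main__":
    claims = fetch_claims()  # pass client_id="<client-id>" to test a user assigned identity
    print(identity_kind(claims), claims.get("aud"), claims.get("xms_mirid"))
```

The access token is a bearer credential for the storage account, so the script prints only selected claims and never the token itself.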