You can configure Shared Key, Managed Identity, and Service Principal authentication types to access Microsoft Azure Data Lake Storage Gen2. Before you configure the authentication, you need to set up your environment and keep the authentication details handy.
Create storage account and configure access
To access Microsoft Azure Data Lake Storage Gen2, follow these steps to set up your environment:
1. Set up a storage account to use with Microsoft Azure Data Lake Storage Gen2 and create a blob container in the storage account. You can use role-based access control or access control lists to authorize users to access the resources in the storage account.
2. Register the application in Azure Active Directory to authenticate users to access the Microsoft Azure Data Lake Storage Gen2 account. You can use role-based access control or access control lists to authorize the application.
3. Create an Azure Active Directory web application for service-to-service authentication with Microsoft Azure Data Lake Storage Gen2. Ensure that you have superuser privileges to access the folders or files created in the application.
Ensure you get all the required authentication details based on the authentication method you want to use in the connection:
Service principal authentication
You need the client ID, client secret, and tenant ID for your application registered in the Azure Active Directory.
Shared key authentication
You need the account key for the Microsoft Azure Data Lake Storage Gen2 account.
Managed identity authentication
You need the client ID or application ID for your application registered in the Azure Active Directory. Before you get the client ID or application ID, be sure to complete certain prerequisites.
Managed identity authentication
Managed Identity authentication uses managed identities in Azure Active Directory to authenticate and authorize access to Azure resources securely.
Before you use managed identity authentication to connect to Microsoft Azure Data Lake Storage Gen2, be sure to complete certain prerequisites.
1. Create an Azure virtual machine.
   To configure managed identity authentication in a Microsoft Azure Data Lake Storage Gen2 connection, select the Azure virtual machine on which you have installed the Secure Agent.
2. Install the Secure Agent on the Azure virtual machine.
3. Enable system assigned identity or user assigned identity for the Azure virtual machine.
   If you enable system assigned identity, assign the required role or permissions to the Azure virtual machine to run mappings and tasks. If you enable user assigned identity, assign the required role or permissions to the user assigned identity. For example, if you use role-based access control, assign the Storage Blob Data Contributor role, and if you use access control lists, assign the read, write, and execute permissions. If you enable both and do not specify the client ID, the system assigned identity is used for authentication.
4. After you add or remove a managed identity, restart the Azure virtual machine.
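As an added illustration (not part of this documentation or of the Secure Agent's own code), the following Python shows the token request a process on the Azure virtual machine makes to the Azure Instance Metadata Service, and how passing or omitting the client ID selects the user assigned or the system assigned identity as described in step 3. The sample response is constructed and the token in it is not real.

```python
import json
import urllib.parse
import urllib.request

# Azure Instance Metadata Service (IMDS) token endpoint; it is a link-local
# address reachable only from inside the virtual machine.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
# Resource identifier for Azure Storage, which covers Data Lake Storage Gen2.
STORAGE_RESOURCE = "https://storage.azure.com/"


def build_imds_token_request(client_id=None):
    """Return (url, headers) for the IMDS token request.

    Without a client_id the VM's system assigned identity is used; with the
    client ID of a user assigned identity, IMDS issues the token for that one.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": STORAGE_RESOURCE}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests that lack this header, which stops request
    # forwarders that cannot set custom headers from obtaining a token.
    return url, {"Metadata": "true"}


def parse_imds_token_response(body):
    """Validate an IMDS token response; return (access_token, expires_on)."""
    data = json.loads(body)
    if data.get("token_type") != "Bearer" or data.get("resource") != STORAGE_RESOURCE:
        raise ValueError("unexpected token response from IMDS")
    return data["access_token"], int(data["expires_on"])


def fetch_storage_token(client_id=None, opener=urllib.request.urlopen):
    """Request a storage token from IMDS (only succeeds on an Azure VM)."""
    url, headers = build_imds_token_request(client_id)
    with opener(urllib.request.Request(url, headers=headers)) as resp:
        return parse_imds_token_response(resp.read().decode())


# Constructed sample of an IMDS response; the token value is a placeholder.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "eyJ0eXAi...constructed",
    "expires_on": "1700000000",
    "resource": STORAGE_RESOURCE,
    "token_type": "Bearer",
})
```

The bearer token returned is what the client presents to the storage account; the role or ACL permissions assigned in step 3 decide what that identity may do with it.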