Step 9. Create a managed identity to access sources and targets (optional)
To use managed identity authentication when you connect to a source or target, create a user-assigned managed identity that grants access to the data.
1Create a managed identity named <data source>_access_identity.
2Assign the Azure built-in role Storage Blob Data Contributor to <data source>_access_identity, and set the scope of the access to the storage account, resource group, or resource that contains your data.
3Assign <data source>_access_identity to the Secure Agent machine.
4In the resource group that contains your data, allow the Secure Agent managed identity and the cluster service principal to access the data. Assign the built-in role Managed Identity Operator to agent_identity and cluster_principal.
Alternatively, to limit the permissions given to the managed identities, you can create a custom role rather than using Managed Identity Operator. Assign the following permissions to the custom role:
Note: In the connection properties, ensure that you set Client ID to the client ID of <data source>_access_identity. For more information, see Connections.