Managed identity authentication authenticates using identities that are assigned to applications in Azure to access Azure resources in Microsoft Azure Data Lake Storage Gen2.

When you create a Microsoft Azure Data Lake Storage Gen2 connection, select the Azure virtual machine on which you have installed the Secure Agent. If you enable system assigned identity, assign the required role or permissions to the Azure virtual machine to run the mappings and tasks. If you enable user assigned identity, assign the required role or permissions to the user assigned identity. For example, if you use role-based access control, assign the Storage Blob Data Contributor role and if you use access control lists, assign the read, write, and execute permissions.

The following table describes the basic connection properties for managed identity authentication:

Property	Description
Client ID	The client ID of your application. To use managed identity authentication, specify the client ID for the user-assigned managed identity. Leave the field blank in the following scenarios: If the permission is provided by system-assigned managed identity. If there is no system-assigned identity but only a single user-assigned managed identity.
File System Name	The name of the file system in the Microsoft Azure Data Lake Storage Gen2 account.
Directory Path	The path of a directory without the file system name. You can select from the following directory structures: / for root directory /dir1 dir1/dir2 Default is / .
Adls Gen2 End-point	The type of Microsoft Azure endpoints. Select one of the following endpoints: core.windows.net. Connects to Azure endpoints. core.usgovcloudapi.net. Connects to US government Microsoft Azure Data Lake storage Gen2 endpoints. core.chinacloudapi.cn. Connects to Microsoft Azure Data Lake storage Gen2 endpoints in the China region. Default is core.windows.net. You cannot configure the Azure Government endpoints for mappings in advanced mode.