Prerequisites to Create a Microsoft Azure Data Lake Storage Gen2 Connection

Prerequisites to Create a Microsoft Azure Data Lake Storage Gen2 Connection

Registering an Application in Azure Active Directory

Registering an Application in Azure Active Directory

Register a new application in Azure Active Directory to authenticate access to the storage account.
  1. Log in to the Azure portal.
  2. Click
    Azure Active Directory
    .
  3. In the
    Manage
    section, click
    App registrations
    .
  4. Click
    New registration
    to create a new Azure Active Directory application.
  5. On the
    Register an application
    page, enter the details for the new application.
    1. In the
      Name
      field, enter the application name.
    2. In the
      Redirect URI
      section, select
      Web
      as the type of the application and enter the URL of the application.
    3. Click
      Register
      .
      The details of the newly created Azure Active Directory application page are displayed.
  6. In the Manage section, click
    Certificates & secrets
    section.
  7. Click
    New client secret
    .
  8. In the
    Add a client secret
    page, perform the following steps:
    1. Enter a name for the client secret in the
      Description
      field.
    2. In the
      Expires
      field, you can select the duration of the key as
      Never
      (Recommended).
    3. Click
      Add
      .
    4. The value of the key is generated and displayed in the
      Value
      field.
      You must copy the key value as you cannot retrieve the value once you leave the page. Ensure that the client secret does not contain special characters.
  9. In the Manage section, click
    Owners
    .
  10. Click
    Add owner
    .
  11. In the
    Search
    field, search for the owner name or email address that you used to login to Azure portal.
  12. Select the owner name or email address and click
    Select
    .
  13. In the Manage section, click
    API permissions
    .
    The configured permissions are displayed.
  14. Click
    Add a permission
    .
    The
    Request API permissions
    page appears.
  15. In the Microsoft APIs section, click
    Azure Storage
    .
  16. Select
    Delegated permissions
    as the type of permissions.
  17. Select
    Access Azure Storage
    from the listed permissions.
  18. Click
    Add permissions
    .
  19. In the
    Configured permissions
    , select
    Azure Active directory
    and ensure that the
    Sign in and read user profile
    option is enabled in the
    Delegated permissions
    section.
    If
    Azure Active directory
    is not listed under the
    Configured permissions
    , perform the following steps:
    1. Click
      Add a permission
      .
      The
      Request API permissions
      page appears.
    2. In the Microsoft APIs section, click
      Azure Active Directory Graph
      .
    3. Select
      Delegated permissions
      as the type of permissions.
    4. Select
      Sign in and read user profile
      from the listed permissions.
  20. Go to the home page and in the Storage Account section, select the Microsoft Azure Data Lake Storage Gen2 account that you created.
  21. Click
    Access control (IAM)
    Add
    .
  22. In the
    Add role assignment
    page, provide the
    Storage Blob Data Contributor
    or the
    Storage Blob Data Reader
    role to the application.
    To write to or delete Azure Storage containers and blobs, you must have the Contributor role either at the storage account level or the container level.

0 COMMENTS

We’d like to hear from you!