Azure Data Lake Storage Gen2 Service Account Connectivity

Learn to configure Azure Data Lake Storage Service Account connectivity with Azure AD.

• Azure administrator configuration
• Collect connection information for database role creation

Azure Administrator Configuration

The following section refers to the configuration steps on Azure for the Service Account authentication method.

Create and Configure the Application

1. Go to the Microsoft Azure Portal and authenticate.

2. Navigate to Azure Active Directory.

   

3. From the left menu, click App registrations.

   

4. Click the New Registration menu.

5. Complete the following required information.

   • Name: Provide a name for your application.
   • Supported account type: Select the Account is the organizational directory only (Microsoft Gateways only - Single tenant) option.

Grant Permission for the Application to Access Azure Storage

Grant permission to the created application so that it can read Azure Storage content.

1. Go to the storage account that will be accessed.

2. From the left menu, click Access Control (IAM) > Role assignments.

   

3. In the upper left, click Add.

4. In the Add role assignment dialog, complete the required fields.

   • Role: Select the Storage Blob Data Reader option.
   • Assign access to: Select User, group, or service principal option.

   • Select: Enter the name of the application that you just created.

5. Click Save. The newly created assignment appears in the Role assignment tab.

Collect Connection Information to Create a Database Role

The following parameters are required to access Azure Database Lake Storage via Service Account authentication.

Parameter Name	Description	How to Find It
Tenant ID	The Tenant ID of your Azure Active Directory.	Azure Portal > Azure Active Directory service
Client ID	The ID of the application registered in Create and Configure the Application.	Azure Portal > Azure Active Directory service > App Registrations, click on your registered app
Client Secret	The secret of the application registered in Create and Configure the Application.	Upon app registration, a secret is generated. To generate a new secret, go to your app > Manage > Certificates & secrets, click New client secret
Azure Storage Account	The storage account you want to access and give permission to the app.
Container	The container of the storage account you want to access.