Overview

Binary Snaps that integrate with the Azure Storage Blob service use SAS URI or Access Key authentication to access Azure resources. The SnapLogic platform now also supports Managed Identities for authenticating to the Azure Blob Storage service. Managed Identities are of two types:

  • System-assigned managed identity: Created and managed by Azure for a specific Azure resource, such as a virtual machine or a web app, and tied to that single virtual machine.

  • User-assigned managed identity: Created as a stand-alone Azure resource and can be assigned to multiple resources.

Creating Managed identities for a Resource group in the Azure portal and linking them to a Storage account involves the following key steps:

Step 1: Create a Resource group in the Azure portal

Step 2: Create a Storage Account

Step 3: Create a Container in the Storage Account

Step 4: Create a Managed Identity

Step 5: Create a Virtual Machine

Step 6: Link the User-Assigned Managed Identity with the Virtual Machine and Storage Account

Step 7: Link System-Assigned Managed Identity to Virtual Machine and Storage Account

Prerequisites

Create a Resource group in the Azure portal

  1. Log into the Azure portal.

  2. Search for Resource group in the search bar.

  3. Click Create.

    [Image: resource-create.png]
  4. Specify the Subscription and Resource group and click Next.

    [Image: resource-group.png]
  5. Specify the Name and Value of the Resource group and click Next. The Resource group is created, and the details of the Resource group are displayed.

    [Image: resource-name-value.png]

    [Image: resource-validation.png]

Create a Storage Account

  1. On the Home page of the Azure portal, search for Storage Account in the search bar.

  2. Click +Create. The Create a storage account page is displayed. Click Next.

  3. Select the Default to Microsoft Entra authorization in the Azure portal checkbox and click Next.

    [Image: select-checkbox.png]

  4. Continue to click Next, keeping the default settings, until the Storage account validation passes.

    [Image: storage-account-validation.png]
  5. Click Create. The Storage account deploys successfully.

    [Image: storage-account-deployment.png]

Create a Container in the Storage Account

  1. Click the Go to resource button on the Deployment completion page.

    [Image: go-to-resource.png]

  2. Navigate to Containers and click Container.

    [Image: container.png]

  3. Specify the container name and click Create.

    [Image: container-create.png]

Create a Managed Identity

User assigned managed identity

  1. On the Home page of the Azure portal, search for Managed Identities in the search bar. The Managed Identities page displays the list of existing Managed Identities.

  2. Click Create.

  3. Specify the resource group you created earlier in Step 1.

  4. Specify the name of the User Assigned Managed Identity in the Name field.

    [Image: uami-create.png]

  5. Click Next until the terms are displayed.

  6. Click Create. The User-assigned Managed Identity is deployed successfully.

    [Image: uami-deployment.png]

System assigned managed identity

When you create a virtual machine, Azure automatically creates a system-assigned identity associated with the machine.

Create a Virtual Machine

  1. On the Home page of the Azure portal, search for Virtual Machine in the search bar.

  2. Click Create.

  3. Select the Resource group created in Step 1.

  4. Specify the name of the virtual machine.

    [Image: create-virtual-machine.png]

  5. Continue to click Next until the virtual machine validation passes.

  6. Click Create. The Generate new key pair pop-up appears.

  7. Click the Download private key and create resource button. The deployment is completed.

    [Image: download-private-key.png]

Azure does not store the private key; if you do not download it at this point, it cannot be retrieved later.

  8. Click the Go to resource button.

    [Image: go-to-resource-button.png]

Link the User-Assigned Managed Identity with the Virtual Machine and Storage Account

  1. Navigate to Security > Identity in the left navigation pane.

    [Image: identity.png]

  2. Click the User assigned option.

    [Image: user-assigned.png]

  3. Click Add.

    [Image: uami-click-add.png]

  4. Select the Managed identity (that you created earlier in Step 4) from the User assigned managed identities list.

    [Image: add-uami.png]

A single virtual machine can have multiple user-assigned managed identities assigned to it.

  5. Click Add. The identity is added to the virtual machine.

  6. Navigate to Home.

  7. Select the Storage account created in Step 2.

  8. Click Access Control (IAM) in the left navigation.

    [Image: access-control-iam.png]

  9. Click Add > Add role assignment.

    [Image: add-role-assignment.png]

  10. Search for the Storage Blob Data Contributor role from the list of roles on the Add role assignment page.

    [Image: storage-blob-contributor.png]

  11. Click Next.

  12. Choose the Managed identity option in the Assign access to field.

  13. Click Select members in the Members field. The Select managed identities dialog box appears on the left.

  14. Select the User-assigned managed identity option in the Managed identity field.

  15. Select the name of the User-assigned managed identity created in Step 4.

    [Image: select-manage-identities.png]

  16. Click Select. The User-assigned Managed identity is added to the Storage account.

  17. Click Next until the Scope appears.

  18. Click Review + assign.

Info

The following steps, 19 through 22, are optional. They verify whether the role has been assigned as expected.

  19. Click the Check access tab to check the added role.

  20. Click Managed identity in the Check access box.

  21. Select the User-assigned managed identity in the Managed identity field.

  22. Select the name of the user-assigned managed identity. The current role assignments appear.

    [Image: current-role-assignments.png]

  23. Navigate to the User-assigned managed identity created in Step 4 from the search bar to obtain the client ID.

    [Image: uami-client-id.png]

Use this client ID in the Binary Azure Storage Account when authenticating with a User-assigned managed identity.

Link System-Assigned Managed Identity to Virtual Machine and Storage Account

  1. Navigate to Home.

  2. Navigate to Identity under the Security tab on the left navigation.

  3. Select the System assigned tab on the top.

    [Image: system-assigned.png]

  4. Select On for Status.

  5. Click Save. The Enable system assigned managed identity pop-up appears.

    [Image: enable-system-assigned-managed-identity.png]

  6. Click Yes. A system-assigned managed identity is restricted to one per resource and is tied to the lifecycle of this resource.

  7. Navigate to Home.

  8. Select the storage account created in Step 2.

  9. Click Access control (IAM) in the left navigation.

    [Image: access-control-iam.png]

  10. Click Add > Add role assignment.

    [Image: add-role-assignment.png]

  11. Search for the Storage Blob Data Contributor role from the list of roles on the Add role assignment page.

    [Image: storage-blob-contributor.png]

  12. Click Next.

  13. Choose the Managed identity option in the Assign access to field.

  14. Click Select members in the Members field. The Select managed identities box appears on the left.

  15. Select All system-assigned managed identities in the Managed identity field.

    [Image: system-assigned-managed-identities.png]

  16. Select the name of the virtual machine created in Step 5.

  17. Click Select.

  18. Click Review + assign.

Configure Azure Storage Account with Managed Identity

User assigned managed identity

  1. Choose the Auth type as Managed Identity.

  2. Choose User assigned managed identity for Managed identity.

  3. Specify the Client ID obtained after creating the User assigned managed identity in the Azure portal.

    [Image: azure-storage-account.png]

System assigned managed identity

  1. Choose the Auth type as Managed Identity.

  2. Choose System assigned managed identity for Managed identity.

    [Image: system-assigned-managed-identity.png]

The System assigned managed identity does not require a Client ID because it is created and managed by Azure for the resource (the virtual machine) itself.

  3. Click Apply.

Binary Snaps configured with an Azure Storage Account that uses a Managed identity must be executed on a Snaplex hosted on the Azure virtual machine.
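As an added example (not SnapLogic's code, and not a description of the Snap's internals), the following Python shows how a process running on the Azure virtual machine obtains a storage access token from the Azure Instance Metadata Service (IMDS). It makes the notes above concrete: a user-assigned identity must be named by its client ID, a system-assigned identity is implied by the VM so no client ID is sent, and the IMDS endpoint is link-local and reachable only from inside the VM, which is why the Snaplex must run there. The injectable `urlopen` parameter is an assumption added here so the flow can be exercised with a stub away from the VM.

```python
"""Added example (not SnapLogic's code): request a storage access token for a
managed identity from the Azure Instance Metadata Service (IMDS) on the VM.

A user-assigned identity must be named by its client ID because a VM may carry
several of them; a system-assigned identity is implied by the VM itself."""
import json
import urllib.parse
import urllib.request

# Link-local endpoint: reachable only from inside the Azure VM.
IMDS_TOKEN_ENDPOINT = "http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE = "https://storage.azure.com/"


def build_token_request(identity_kind, client_id=None):
    """Return (url, headers) for the IMDS token call, or raise ValueError when
    the identity kind and the presence of a client ID do not match."""
    params = {"api-version": "2018-02-01", "resource": STORAGE_RESOURCE}
    if identity_kind == "user-assigned":
        if not client_id:
            raise ValueError("user-assigned identity requires a client ID")
        params["client_id"] = client_id
    elif identity_kind == "system-assigned":
        if client_id:
            raise ValueError("system-assigned identity takes no client ID")
    else:
        raise ValueError(f"unknown identity kind: {identity_kind}")
    url = IMDS_TOKEN_ENDPOINT + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests lacking this header; it blocks unintended relays.
    return url, {"Metadata": "true"}


def fetch_storage_token(identity_kind, client_id=None,
                        urlopen=urllib.request.urlopen):
    """Call IMDS and return the bearer token for the storage resource.
    `urlopen` is injectable (an assumption of this example) so the flow can be
    tested with a stub response off the VM."""
    url, headers = build_token_request(identity_kind, client_id)
    req = urllib.request.Request(url, headers=headers)
    with urlopen(req, timeout=5) as resp:
        body = json.load(resp)
    # IMDS echoes the requested resource; refuse a token minted for another API.
    if body.get("resource") != STORAGE_RESOURCE:
        raise RuntimeError("token was not issued for the storage resource")
    return body["access_token"]
```

Running `fetch_storage_token("user-assigned", "<client-id>")` from a shell on the VM before configuring the Snap account confirms that the identity assignment and the Storage Blob Data Contributor role are in place.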
