Configuration of Managed Identities in Azure Portal

Overview

Binary Snaps that integrate with the Azure Storage Blob service to access Azure resources use SAS URI or Access Key authentication. The SnapLogic platform now also supports Managed Identities for authenticating to the Azure Blob Storage service. Managed Identities are of two types:

  • System-assigned managed identity: an identity that Azure creates and manages for a single Azure resource, such as a virtual machine or a web app. It is mapped to that one resource and shares its lifecycle.

  • User-assigned managed identity: an identity created as a stand-alone Azure resource that can be mapped to multiple resources.

The procedure for creating Managed Identities in a Resource group in the Azure portal and linking them to a Storage account consists of the following key steps:

Step 1: Create a Resource group in the Azure portal

Step 2: Create a Storage Account

Step 3: Create a Container in the Storage Account

Step 4: Create a Managed Identity

Step 5: Create a Virtual Machine

Step 6: Link the User-Assigned Managed Identity with the Virtual Machine and Storage Account

Step 7: Link System-Assigned Managed Identity to Virtual Machine and Storage Account

Prerequisites

Create a Resource group in the Azure portal

  1. Log into the Azure portal.

  2. Search for Resource group in the search bar.

  3. Click Create.

  4. Specify the Subscription and Resource group and click Next.

  5. Specify the Name and Value of the Resource group and click Next. The Resource group is created, and the details of the Resource group are displayed.

Create a Storage Account

  1. On the Home page of the Azure portal, search for Storage Account in the search bar.

  2. Click +Create. The Create a storage account page is displayed. Click Next.

  3. Select the Default to Microsoft Entra authorization in the Azure portal checkbox and click Next.

  4. Continue clicking Next with the default settings until validation of the Storage account passes.

  5. Click Create. The Storage account deploys successfully.


Create a Container in the Storage Account

  1. Click the Go to resource button on the Deployment completion page.

  2. Navigate to Containers and click Container.

  3. Specify the container name and click Create.

Create a Managed Identity

User assigned managed identity

  1. On the Home page of the Azure portal, search for Managed Identities in the search bar. The Managed Identities page displays the list of existing Managed Identities.

  2. Click Create.

  3. Specify the resource group you created earlier in Step 1.

  4. Specify the name of the User Assigned Managed Identity in the Name field.

  5. Click Next where TERMS appear.

  6. Click Create. The User-assigned Managed Identity is deployed successfully.

System assigned managed identity

When you create a virtual machine, Azure automatically creates a system-assigned identity associated with the machine.

Create a Virtual Machine

  1. On the Home page of the Azure portal, search for Virtual Machine in the search bar.

  2. Click Create.

  3. Select the Resource group created in Step 1.

  4. Specify the name of the virtual machine.

  5. Continue clicking Next until validation of the virtual machine passes.

  6. Click Create. The Generate new key pair pop-up appears.

  7. Click the Download private key and create resource button. The deployment is completed.

Azure does not store the private key, and it cannot be retrieved later if you do not download it at this point.

  8. Click the Go to resource button.

Link the User-Assigned Managed Identity with the Virtual Machine and Storage Account

  1. Navigate to Security > Identity in the left navigation pane.

  2. Click the User assigned option.

  3. Click Add.

  4. Select the Managed identity (that you have created earlier in Step 4) from the User assigned managed identities list.

A single virtual machine can have multiple user-assigned managed identities assigned to it.

  5. Click Add. The identity is added to the virtual machine.

  6. Navigate to Home.

  7. Select the Storage account created in Step 2.

  8. Click Access Control (IAM) in the left navigation.

  9. Click Add > Add role assignment.

  10. Search for the Storage Blob Data Contributor role in the list of roles on the Add role assignment page.

  11. Click Next.

  12. Choose the Managed identity option in the Assign access to field.

  13. Click Select members in the Members field. The Select managed identities dialog box appears on the left.

  14. Select the User-assigned managed identity option in the Managed identity field.

  15. Select the name of the User-assigned managed identity created in Step 4.

  16. Click Select. The User-assigned managed identity is added to the Storage account.

  17. Click Next until the Scope appears.

  18. Click Review + assign.

  19. Click the Check access tab to verify the added role.

  20. Click Managed identity in the Check access box.

  21. Select User-assigned managed identity in the Managed identity field.

  22. Select the name of the user-assigned managed identity. The current role assignments appear.

  23. Navigate to the User-assigned managed identity created in Step 4 from the search bar to obtain its Client ID.

Link System-Assigned Managed Identity to Virtual Machine and Storage Account

  1. Navigate to Home.

  2. Navigate to Identity under the Security tab on the left navigation.

  3. Select the System assigned tab on the top.

  4. Select On for Status.

  5. Click Save. The Enable system assigned managed identity pop-up appears.

  6. Click Yes.

A system-assigned managed identity is restricted to one per resource and is tied to the lifecycle of that resource.

  7. Navigate to Home.

  8. Select the Storage account created in Step 2.

  9. Click Access control (IAM) in the left navigation.

  10. Click Add > Add role assignment.

  11. Search for the Storage Blob Data Contributor role in the list of roles on the Add role assignment page.

  12. Click Next.

  13. Choose the Managed identity option in the Assign access to field.

  14. Click Select members in the Members field. The Select managed identities box appears on the left.

  15. Select All system-assigned managed identities in the Managed identity field.

  16. Select the name of the virtual machine created in Step 5.

  17. Click Select.

  18. Click Review + assign.

Configure Azure Storage Account with Managed Identity

User assigned managed identity

  1. Choose the Auth type as Managed Identity.

  2. Choose User assigned managed identity for Managed identity.

  3. Specify the Client ID obtained after creating the User-assigned managed identity in the Azure portal.

System assigned managed identity

  1. Choose the Auth type as Managed Identity.

  2. Choose System assigned managed identity for Managed identity.

  3. Click Apply.
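The following Python is an added example, not SnapLogic's or Microsoft's code, showing what the two Managed identity choices above mean on the wire: a workload on the VM requests a token for Azure Storage from the Azure Instance Metadata Service (IMDS), and passes the Client ID only when it wants a user-assigned identity. Omitting the Client ID selects the VM's system-assigned identity, which is why the system-assigned configuration needs no Client ID. The HTTP transport is injectable, so the request building and response checks run offline against a constructed sample reply; the Client ID, storage account name and container name are placeholders.

```python
"""Token acquisition for Azure Storage with a managed identity (added example).

Assumes the calling workload runs on the Azure VM configured above; the
link-local IMDS address is reachable only from inside that VM. The HTTP call
is injectable so the logic can be exercised offline.
"""
import json
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"
STORAGE_RESOURCE = "https://storage.azure.com/"


def build_token_request(client_id=None, resource=STORAGE_RESOURCE):
    """Return (url, headers) for the IMDS token request.

    client_id is the Client ID of a user-assigned managed identity. Without it
    IMDS uses the VM's system-assigned identity, which is why the
    system-assigned flow above needs no Client ID.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS refuses requests that lack this header; it is a deliberate check
    # against token requests forwarded through unwitting proxies.
    headers = {"Metadata": "true"}
    return url, headers


def parse_token_response(body):
    """Validate the IMDS JSON reply and return (access_token, expires_on)."""
    data = json.loads(body)
    for key in ("access_token", "expires_on", "resource"):
        if key not in data:
            raise ValueError(f"IMDS response missing '{key}'")
    if data["resource"].rstrip("/") != STORAGE_RESOURCE.rstrip("/"):
        raise ValueError("token issued for unexpected resource: " + data["resource"])
    # expires_on is a string of epoch seconds in IMDS replies.
    return data["access_token"], int(data["expires_on"])


def _imds_http_get(url, headers):
    """Real transport: only works from inside an Azure VM."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


def get_storage_token(client_id=None, http_get=_imds_http_get):
    url, headers = build_token_request(client_id)
    return parse_token_response(http_get(url, headers))


def build_list_blobs_request(account, container, access_token):
    """Return (url, headers) to list blobs in a container using the bearer token.

    Bearer auth on the Blob service requires an explicit x-ms-version header.
    The Storage Blob Data Contributor assignment above is what authorizes
    this call; without the role the service returns 403 even for a valid token.
    """
    url = f"https://{account}.blob.core.windows.net/{container}?restype=container&comp=list"
    headers = {
        "Authorization": "Bearer " + access_token,
        "x-ms-version": "2020-10-02",
    }
    return url, headers


# Constructed sample reply shaped like a real IMDS response; values are fake.
SAMPLE_IMDS_RESPONSE = json.dumps({
    "access_token": "eyJ0eXAi.constructed.token",
    "expires_on": "1700000000",
    "resource": "https://storage.azure.com/",
    "token_type": "Bearer",
})

# Placeholder: substitute the Client ID read from the portal in the steps above.
PLACEHOLDER_CLIENT_ID = "00000000-0000-0000-0000-000000000000"


def demo():
    """Offline run: user-assigned identity, canned IMDS reply, placeholder names."""
    token, expires_on = get_storage_token(
        client_id=PLACEHOLDER_CLIENT_ID,
        http_get=lambda url, headers: SAMPLE_IMDS_RESPONSE,
    )
    url, headers = build_list_blobs_request("examplestorage", "examplecontainer", token)
    return token, expires_on, url, headers["Authorization"]


if __name__ == "__main__":
    print(demo())
```

Replace `http_get` with the default transport to run it on the VM itself. The `resource` check in `parse_token_response` is there so a token minted for a different audience is never sent to the Blob service, and the `Metadata: true` header is the part most often missed when porting this call to other HTTP clients.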
