Overview
Snaps in the Binary Snap Pack use the Azure portal to access endpoint applications. You can use the SAS URI or Access key to authenticate Azure access. However, Managed Identities provide credentialless access to Azure. There are two types of Managed Identities: System-Assigned Managed Identity and User-Assigned Identity. The System-Assigned identity can be mapped to a single virtual machine, whereas the User-Assigned identity can align with multiple resources. This procedure guides you through creating managed identities for a resource group in the Azure portal and linking them to a virtual machine and storage account.
1. Create a resource group in the Azure portal
a. Log into the Azure portal.
b. Navigate to the Resource group from the search bar.
c. Click Create.
d. Specify the Subscription and Resource group and create a resource group.
e. Click Next.
f. Specify the Name and Value of the Resource group.
g. Click Next. The details of the Resource group appear.
2. Create a Storage Account
a. Create a storage account under the resource group created.
b. Select the Default to Microsoft Entra authorization in the Azure portal checkbox.
c. Click Next with the default settings until the Storage account validates.
d. Click Create. The Storage account deploys successfully.
e. Click the Go to resource button.
3. Create a Container in the Storage Account
a. Navigate to Containers on the left navigation bar.
b. Click Container.
c. Specify the container name. Click Create.
d. Click Upload to upload a sample file in the container.
At this point, you have a resource group that contains a storage account, and the storage account contains a container.
4. Create a Managed Identity
a. Navigate to Managed Identities in the search bar.
b. Click Create.
c. Specify the resource group you created in step 1.
d. Specify the name of the user-assigned managed identity in the Name field.
e. Click Next where TERMS appear.
f. Click Create. The user-assigned managed identity is deployed successfully.
5. Create a Virtual Machine
a. Navigate to the Virtual Machine from the search bar.
b. Click Create.
c. Select the resource group created in step 1.
d. Specify the name of the virtual machine.
e. Click Next:<> in the bottom panel until the virtual machine validation is passed.
f. Click Create.
g. Click Download private key and create resource in the dialog box.
The private key is not stored and cannot be retrieved if you do not download it at this point.
h. Click the Go to resource button.
6. Link the User-Assigned Managed Identity with the Virtual Machine and Storage Account
a. Navigate to the Identity option under Security in the left navigation.
b. Click the User assigned option.
c. Click Add.
d. Select the User assigned managed identities from the list.
A single virtual machine can have multiple user-assigned managed identities assigned to it.
e. Click Add after checking the right user-assigned managed identity created in Step 4. The identity is added to the virtual machine.
f. Navigate to Home.
g. Select the storage account created in Step 2.
h. Click Access control (IAM) in the left navigation.
i. Click Add>Add role assignment.
j. Search for the Storage Blob Data Contributor role from the list of roles on the Add role assignment page.
k. Click Next.
l. Choose the Managed identity option in the Assign access to field.
m. Click Select members in the Members field. The Select managed identities box appears on the left.
n. Select the User-assigned managed identity option in the Managed identity field.
o. Select the name of the user-assigned managed identity created in Step 4.
p. Click Select. The user-assigned managed identity is added to the storage account.
q. Click Next until Scope appears.
r. Click Review + assign.
s. Click the Check access tab to check the added role.
t. Click Managed identity in the Check access box on the right.
u. Select the User-assigned managed identity in the Managed identity field.
v. Select the name of the user-assigned managed identity. The current role assignments appear.
w. Navigate to the user-assigned managed identity created in Step 4 from the search bar to obtain the client ID.
7. Add System-Assigned Managed Identity to Virtual Machine
a. Click Home.
b. Navigate to Identity under the Security tab on the left navigation.
c. Select the System assigned tab on the top.
d. Select On for Status.
e. Click Save. The Enable system assigned managed identity dialog box appears.
f. Click Yes. A system-assigned managed identity is restricted to one per resource and is tied to the lifecycle of this resource.
g. Navigate to Home.
h. Select the storage account created in Step 2.
i. Click Access control (IAM) in the left navigation.
j. Click Add>Add role assignment.
k. Search for the Storage Blob Data Contributor role from the list of roles on the Add role assignment page.
l. Click Next.
m. Choose the Managed identity option in the Assign access to field.
n. Click Select members in the Members field. The Select managed identities box appears on the left.
o. Select All system-assigned managed identities in the Managed identity field.
p. Select the name of the virtual machine created in Step 5.
q. Click Select.
r. Click Review + assign.
Configure Information Required to Create Your Binary Account
Specify the values required to create a successful Binary Azure Storage Account.
Navigate to the Binary Snap of your choice and configure the Binary Azure Storage Account.
You must provide the Client ID for the user-assigned managed identity. When you select the system-assigned managed identity for the Managed identity field, no client ID is required.
You must run the Snap account in the Snaplex created in the virtual machine.
Click Apply.
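To confirm from the virtual machine that the identity configured above can obtain a storage token, the following added example (not part of the original article or of the product's own code) builds the Azure Instance Metadata Service (IMDS) token request with and without a client ID and checks the audience and application ID of the returned token. The client ID, the helper names, and the sample token are constructed placeholders; `fetch_token` only works from inside the Azure VM.

```python
import base64
import json
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE = "https://storage.azure.com/"

def build_token_request(client_id=None):
    """Omitting client_id selects the VM's system-assigned identity;
    passing it selects that user-assigned identity (Step 4 client ID)."""
    params = {"api-version": "2018-02-01", "resource": STORAGE_RESOURCE}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    return urllib.request.Request(url, headers={"Metadata": "true"})

def fetch_token(client_id=None, timeout=5):
    """Call IMDS. Reachable only from inside the Azure virtual machine."""
    req = build_token_request(client_id)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]

def jwt_claims(token):
    """Decode the JWT payload for inspection only (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, expected_client_id=None):
    """Return a list of problems; an empty list means the token matches."""
    claims = jwt_claims(token)
    problems = []
    if claims.get("aud", "").rstrip("/") != STORAGE_RESOURCE.rstrip("/"):
        problems.append("audience is not Azure Storage: %r" % claims.get("aud"))
    issued_to = claims.get("appid") or claims.get("azp")  # v1 / v2 tokens
    if expected_client_id and issued_to != expected_client_id:
        problems.append("issued to %r, expected %r" % (issued_to, expected_client_id))
    return problems

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    return ".".join([_b64({"alg": "none"}), _b64(claims), "sig"])

if __name__ == "__main__":
    cid = "00000000-0000-0000-0000-000000000001"  # placeholder client ID
    print(build_token_request(cid).full_url)
    sample = make_sample_token({"aud": STORAGE_RESOURCE, "appid": cid})
    print(check_token(sample, cid) or "token matches")
```

On the VM, replace the sample token with `fetch_token(client_id)` for the user-assigned identity or `fetch_token()` for the system-assigned one.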