Version 23.4.8843

• Azure Active Directory
• Azure Managed Service Identity
• Azure Service Principal
• Azure Service Principal Certificate
• Azure Access Key
• Azure Shared Access Signature

In CData Sync, you can connect to Azure Blob Storage in several ways. Select your authentication method below, then proceed to the relevant section and follow those instructions.

• Azure Active Directory

• Azure Managed Service Identity

• Azure Service Principal

• Azure Service Principal Certificate

• Azure Access Key

• Azure Shared Access Signature

Azure Active Directory

To connect with an Azure Active Directory user account, select AzureAD for Auth Scheme. CData Sync provides an embedded OAuth application with which to connect so no additional properties are required.

Complete the remaining steps for establishing your connection.

Azure Managed Service Identity

To leverage Managed Service Identity (MSI) when CData Sync is running on an Azure virtual machine, select AzureMSI for Auth Scheme. No additional properties are required.

Complete the remaining steps for establishing your connection.

Azure Service Principal

To connect with an Azure service principal and client secret, set the following properties:

• Auth Scheme - Select AzureServicePrincipal.

• Azure Tenant - Enter the Microsoft Online tenant to which you want to connect.

• OAuth Client Id - Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.

• OAuth Client Secret - Enter the client secret that you were assigned when you registered your application with an OAuth authorization server.

To obtain the OAuth client Id and client secret for your application:

1. Log in to the Azure portal.

2. In the left navigation pane, select All services. Then, search for and select App registrations.

3. Click New registrations.

4. Enter an application name and select Any Azure AD Directory - Multi Tenant. Set the redirect URI to the value that is specified for CallbackURL.

5. After you create the application, copy the application (client) Id value that is displayed in the Overview section. Use this value as the OAuth client Id.

6. Navigate to the Certificates & Secrets section and select New Client Secret for the application.

7. Specify the duration and save the client secret. After you save it, the key value is displayed.

8. Copy this value because it is displayed only once. You will use this value as the OAuth client secret.

9. On the Authentication tab, make sure to select Access tokens (used for implicit flows).

Complete the remaining steps for establishing your connection.

Azure Service Principal Certificate

To connect with an Azure service principal and client certificate, set the following properties:

• Auth Scheme - Select AzureServicePrincipalCert.

• Azure Tenant - Enter the Microsoft Online tenant to which you want to connect.

• OAuth Client Id - Enter the client Id that you were assigned when you registered your application with an OAuth authorization server.

• OAuth JWT Cert – Enter your Java web tokens (JWT) certificate store.

• OAuth JWT Cert Type – Enter the type of key store that contains your JWT Certificate. The default type is PEMKEY_BLOB.

• OAuth JWT Cert Password (optional) – Enter the password for your OAuth JWT certificate.

• OAuth JWT Cert Subject (optional) – Enter the subject of your OAuth JWT certificate.

To obtain the OAuth certificate for your application:

1. Log in to the Azure portal.

2. In the left navigation pane, select All services. Then, search for and select App registrations.

3. Click New registrations.

4. Enter an application name and select Any Azure AD Directory - Multi Tenant. Set the redirect URI to the value that is specified for CallbackURL.

5. After you create the application, copy the application (client) Id value that is displayed in the Overview section. Use this value as the OAuth client Id.

6. Navigate to the Certificates & Secrets section and select Upload certificate. Then, select the certificate to upload from your local machine.

7. Specify the duration and save the client secret. After you save it, the key value is displayed.

8. Copy this value because it is displayed only once. You will use this value as the OAuth client secret.

9. On the Authentication tab, make sure to select Access tokens (used for implicit flows).

Complete the remaining steps for establishing your connection.

Azure Access Key

To connect with an Azure access key, set the following properties:

• Auth Scheme: Select Access Key.

• Azure Access Key: Enter the access key that is associated with your storage account.

To retrieve your access key:

1. Sign in to the Azure portal with the credentials for your root account.

2. Click Storage accounts and select the storage account that you want to use.

3. Under Settings, click Access keys. Your storage account name and key are displayed on that page.

Complete the remaining steps for establishing your connection.

Azure Shared Access Signature

To connect with an Azure shared access signature, set the following properties:

• Auth Scheme: Select AzureStorageSAS.

• Shared Access Signature: Enter the shared access signature that is associated with the storage account.

To create an Azure shared access signature:

1. Sign in to the Azure portal with the credentials for your root account.

2. Click Storage accounts and select the storage account you want to use.

3. Under Settings, click Shared Access Signature.

4. Set the permissions and a date when the token will expire.

5. Click Generate SAS and copy the token that is generated.

Complete the remaining steps for establishing your connection.