Connecting to Azure Blob Storage
Before You Connect
To obtain the credentials for an AzureBlob user, follow the steps below:
- Sign into the Azure portal with the credentials for your root account.
- Click on Storage Accounts and select the storage account you want to use.
- Under Settings, click Access keys.
- Your storage account name and key will be displayed on that page.
Connecting to Azure Blob Storage
Set the AzureAccessKey connection property to the access key associated with the Azure blob to identify the user.
Authenticating to Azure Blob Storage
You can authenticate to Azure Blob Storage as an Azure AD user, with MSI authentication, or using an Azure Service Principal.
Azure AD
You can authenticate an Azure AD account using either an Azure Access Key or OAuth authentication.
Method 1: Storage Account and Access Key
Set the following to authenticate with an Azure Access Key:
- AuthScheme: Set this to AzureAD.
- AzureStorageAccount: Set this to the account associated with the Azure data lake store.
- AzureAccessKey: Set this to the access key associated with the Azure data lake store.
Method 2: OAuth
Set the following to authenticate with OAuth:
- AuthScheme: Set this to AzureAD.
- AzureStorageAccount: Set this to the account associated with the Azure data lake store.
- InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
Azure MSI
If you are connecting from an Azure VM with permissions for Azure Blob storage, set the following:
- AuthScheme: Set this to AzureMSI.
- AzureStorageAccount: Set this to the account associated with the Azure blob.
Azure Service Principal
If you would like to authenticate with a service principal instead of a client secret, it is also possible to authenticate with a client certificate. Set the following to authenticate:
- InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.
- AuthScheme: Set this to AzureServicePrincipal.
- AzureTenant: Set this to the tenant you wish to connect to.
- OAuthGrantType: Set this to CLIENT.
- OAuthClientId: Set this to the Client Id in your app settings.
- OAuthJWTCert: Set this to the JWT Certificate store.
- OAuthJWTCertType: Set this to the type of the certificate store specified by OAuthJWTCert.