Azure Profile
The Azure Profile is used for setting up the access credentials and properties to be used to connect to an Azure environment. Currently, the profile can be used with the following agents:
- ADLS2 File collection agent
- ADLS2 File forwarding agent
- Azure Event Hub Consumer agent
- Azure Event Hub Producer agent
and APL functions:
kustoTableCreate, for more information, see Database Table Functions.
Buttons
The contents of the buttons in the button bar may change depending on which configuration type has been opened. The Azure Profile uses the standard menu items and buttons that are visible for all configurations, and these are described in Common Configuration Buttons.
The Edit button is specific to the Azure Profile configurations.
| Item | Description |
|---|---|
External References
| Select this menu item to enable the use of External References in the Azure profile configuration. This can be used to configure the following fields: Shared Key
Connection String
Secret Key
Certificate
For further information, see Using External Reference in Agent Profile Fields and External Reference Profile. |
General Tab
Azure Data Lake Storage
Authentication Method - Shared Key
The following settings are available in the Shared Key authentication method for the Azure Data Lake Storage application in the Azure profile.
Azure profile - Azure Data Lake Storage Shared Key configuration
| Setting | Description |
|---|---|
| Application Select | Allows you to select the Azure resource that the profile will connect to. For ADLS2 file agents, select Azure Data Lake Storage. |
| Authentication Method | Select the authentication method for accessing the Azure Data Lake Storage. There are 3 choices with Shared Key, Secret Key and Certificate. Choosing one of the options will display the appropriate configuration menu for the chosen authentication method. |
| Storage Account Name | Enter the name of the Azure storage account name that will be used by the Azure Data Lake Storage. |
| Key | Enter the authorized shared access key used to access the Azure storage account, or use Secret Profile. |
| Test Connection | Test the connectivity to the selected azure service using the authentication credentials provided. |
Authentication Method - Secret Key
The following settings are available in the Secret Key authentication method for the Azure Data Lake Storage application in the Azure profile.
Azure profile - Azure Data Lake Storage Secret Key configuration
Setting | Description |
|---|---|
| Application Select | Allows you to select the Azure resource that the profile will connect to. For ADLS2 file agents, select Azure Data Lake Storage. |
Authentication Method | Select the authentication method for accessing the Azure Data Lake Storage. There are 3 choices with Shared Key, Secret Key and Certificate. Choosing one of the options will display the appropriate configuration menu for the chosen authentication method. |
| Storage Account Name | Enter the name of the Azure storage account name that will be used by the Azure Data Lake Storage. |
Client ID | Enter the client ID (application ID) used to create the application for the Azure Active Directory that will allow the profile to access the Azure Data Lake Storage. The ID entered here should correlate with the client ID that is used when registering the application on the Azure Active Directory. |
| Tenant ID | Enter the tenant ID (directory ID) linked to the Azure AD application that will be used by the profile to access the Azure Data Lake Storage. |
| Client Secret | Enter the client secret provided when creating the application for the Azure Active Directory with the client ID above, or use Secret Profile. The client secret will only be visible when registering the client ID. |
| Test Connection | Test the connectivity to the selected azure service using the authentication credentials provided. |
Authentication Method - Certificate
The following settings are available in the Certificate authentication method for the Azure Data Lake Storage application in the Azure profile.
Azure profile - Azure Data Lake Storage Certificate configuration
| Setting | Description |
|---|---|
| Application Select | Allows you to select the Azure resource that the profile will connect to. For ADLS2 file agents, select Azure Data Lake Storage. |
| Authentication Method | Select the authentication method for accessing the Azure Data Lake Storage. There are 3 choices with Shared Key, Secret Key and Certificate. Choosing one of the options will display the appropriate configuration menu for the chosen authentication method. |
| Storage Account Name | Enter the name of the Azure storage account name that will be used by the Azure Data Lake Storage. |
| Client ID | Enter the client ID (application ID) used to create the application for the Azure Active Directory that will allow the profile to access the Azure Data Lake Storage. The ID entered here should correlate with the client ID that is used when registering the application on the Azure Active Directory. |
| Tenant ID | Enter the tenant ID (directory ID) linked to the Azure AD application that will be used by the profile to access the Azure Data Lake Storage. |
| Use Security Profile | Select this checkbox to use a Keystore from a Security Profile. |
| Security Profile | Click Browse to select a security profile with certificate and configuration to use, if you prefer to use a secure connection. Refer to Security Profile for more information. |
| Certificate Type | Set the certificate format that is used by the Azure AD application. You can set it to either a PEM or PFX formatted certificate. |
| Certificate Path | Define the full local path of the certificate. The certificate must be stored in the same location as the EC that will be running the workflows with the ADLS2 file agents. The certificate must be the same one used by the Azure AD application. |
| Certificate Password | Enter the password for the PFX certificate, where the password value can also be an empty string. Password locked PEM certificates are not supported. |
| Test Connection | Test the connectivity to the selected azure service using the authentication credentials provided. |
Note!
For the Test Connection button to work while using certificate authentication, the certificate path must point to a certificate located in the Platform. However, when running workflows, the certificate path must point to a certificate located in the EC.
Azure Event Hub
Authentication Method - Connection String
The following settings are available in the Connection String authentication method for the Azure Event Hub application in the Azure profile.
Azure profile - Azure Event Hub Connection String configuration
| Setting | Description |
|---|---|
| Application Select | Allows you to select the Azure resource that the profile will connect to. For Azure Event Hub agents, select Azure Event Hub. |
| Authentication Method | Select the authentication method for accessing the Azure Event Hub. There are 3 choices with Connection String, Secret Key and Certificate. Choosing one of the options will display the appropriate configuration menu for the chosen authentication method. |
| Connection String | Enter the connection string-primary key of the event hub instance that the profile will be accessing. You can locate the connection string from the shared access policies menu in the target event hub instance. |
| Test Connection | Test the connectivity to the selected Azure service using the authentication credentials provided. |
Authentication Method - Secret Key
The following settings are available in the Secret Key authentication method for the Azure Event Hub application in the Azure profile.
Azure profile - Azure Event Hub Secret Key configuration
| Setting | Description |
|---|---|
| Application Select | Allows you to select the Azure resource that the profile will connect to. For Azure Event Hub agents, select Azure Event Hub. |
| Authentication Method | Select the authentication method for accessing the Azure Event Hub. There are 3 choices with Connection String, Secret Key and Certificate. Choosing one of the options will display the appropriate configuration menu for the chosen authentication method. |
| Namespace | Enter the namespace of the Event Hub that the profile will be accessing. |
| Event Hub Name | Enter the name of the Event Hub Instance within the Event Hub Namespace above that the profile will be accessing. |
| Client ID | Enter the client ID (application ID) used to create the application for the Azure Active Directory that will allow the profile to access the Azure Event Hub. The ID entered here should correlate with the client ID that is used when registering the application on the Azure Active Directory. |
| Tenant ID | Enter the tenant ID (directory ID) linked to the Azure AD application that will be used by the profile to access the Azure Event Hub. |
| Client Secret | Enter the client secret provided when creating the application for the Azure Active Directory with the client ID above, or use Secret Profile. The client's secret will only be visible when registering the client ID. |
| Test Connection | Test the connectivity to the selected Azure service using the authentication credentials provided. |
Authentication Method - Certificate
The following settings are available in the Certificate authentication method for the Azure Event Hub application in the Azure profile.
Azure profile - Azure Event Hub Certificate configuration
| Setting | Description |
|---|---|
| Application Select | Allows you to select the Azure resource that the profile will connect to. For Azure Event Hub agents, select Azure Event Hub. |
| Authentication Method | Select the authentication method for accessing the Azure Event Hub. There are 3 choices with Connection String, Secret Key and Certificate. Choosing one of the options will display the appropriate configuration menu for the chosen authentication method. |
| Namespace | Enter the namespace of the Event Hub that the profile will be accessing. |
| Event Hub Name | Enter the name of the Event Hub Instance within the Event Hub Namespace above that the profile will be accessing. |
| Client ID | Enter the client ID (application ID) used to create the application for the Azure Active Directory that will allow the profile to access the Azure Event Hub. The ID entered here should correlate with the client ID that is used when registering the application on the Azure Active Directory. |
| Tenant ID | Enter the tenant ID (directory ID) linked to the Azure AD application that will be used by the profile to access the Azure Event Hub. |
| Use Security Profile | Select this checkbox to use a Keystore from a Security Profile. |
| Security Profile | Click Browse to select a security profile with certificate and configuration to use, if you prefer to use a secure connection. Refer to Security Profile for more information. |
| Certificate Path | Define the full local path of the certificate. The certificate must be stored in the same location as the EC that will be running the workflows with the Event Hub agents. The certificate must be the same one used by the Azure AD application. |
| Certificate Password | Enter the password for the PFX certificate, where the password value can also be an empty string. Password-locked PEM certificates are not supported. |
| Test Connection | Test the connectivity to the selected Azure service using the authentication credentials provided. |
The following settings are available in the Certificate authentication method for the Azure Event Hub application in the Azure profile.
Note!
For the Test Connection button to work while using certificate authentication, the certificate path must point to a certificate located in the Platform. However, when running workflows, the certificate path must point to a certificate located in the EC.
Azure Data Explorer
The following settings are available in the Secret Key authentication method for the Azure Data Explorer application in the Azure profile.
Azure profile - Azure Data Explorer Secret Key configuration
| Setting | Description |
|---|---|
| Application Select | Allows you to select the Azure resource that the profile will connect to. To select Azure Data Explorer, select it from the dropdown menu list. |
| Authentication Method | Select the authentication method for accessing Azure Data Explorer. There are 2 choices – Secret Key and Certificate. Choosing one of the options will display the appropriate configuration menu for the chosen authentication method. Choosing Secret Key enables this method. |
| Cluster Name | Enter the cluster name. |
| Location | Enter the associated location. |
| Client ID | Enter the client ID (application ID) used to create the application for the Azure Active Directory that will allow the profile to access the Azure Data Explorer. The ID entered here should correlate with the client ID that is used when registering the application on the Azure Active Directory. |
| Tenant ID | Enter the tenant ID (directory ID) linked to the Azure AD application that will be used by the profile to access the Azure Data Explorer. |
| Client Secret | Enter the client secret provided when creating the application for the Azure Active Directory with the client ID above, or use Secret Profile. The client's secret will only be visible when registering the client ID. |
| Use Secrets Profile | Click this to use stored credentials from a Secrets Profile. |
| Test Connection | Test the connectivity to the selected Azure service using the authentication credentials provided. |
The following settings are available in the Certificate authentication method for the Azure Data Explorer application in the Azure profile.
Azure profile - Azure Data Explorer Certificate configuration
| Setting | Description |
|---|---|
| Application Select | Allows you to select the Azure resource that the profile will connect to. To select Azure Data Explorer, select it from the dropdown menu list. |
| Authentication Method | Select the authentication method for accessing Azure Data Explorer. There are 2 choices – Secret Key and Certificate. Choosing one of the options will display the appropriate configuration menu for the chosen authentication method. Choosing Certificate enables this method. |
| Cluster Name | Enter the cluster name. |
| Location | Enter the associated location. |
| Client ID | Enter the client ID (application ID) used to create the application for the Azure Active Directory that will allow the profile to access the Azure Data Explorer. The ID entered here should correlate with the client ID that is used when registering the application on the Azure Active Directory. |
| Tenant ID | Enter the tenant ID (directory ID) linked to the Azure AD application that will be used by the profile to access the Azure Data Explorer. |
| Security Profile | Click Browse to select a security profile with certificate and configuration to use, if you prefer to use a secure connection. Refer to Security Profile for more information. |
| Test Connection | Test the connectivity to the selected azure service using the authentication credentials provided. |
Advanced Tab
Advanced Tab
The content of this tab changes depending on the selected method in the General Tab. The following fields are available for each option:
| Field | Description |
|---|---|
| Authority Host | Enter the URL to the directory the Microsoft Authentication Library will request tokens. If left empty, the following default values will be used accordingly:
|
| API Endpoint | Enter the API endpoint in Azure to be used for accessing and managing the services. If left empty is not entered, the following default values will be used accordingly:
|
Additional Information
To find out more about the configuration for both authority and endpoints, refer to https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-national-cloud#azure-ad-authentication-endpoints and https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure.