Mode | Description
System

All users authenticate to ADLS using a single system key/secret combination. This combination is specified in the following parameters, which you should have already defined:

  • azure.applicationId
  • azure.secret
  • azure.directoryId

These properties define the registered application in Azure Active Directory. System authentication mode uses the registered application identifier as the service principal for authentication to ADLS. All users have the same permissions in ADLS.

For more information on these settings, see Configure for Azure.

User

In user mode, per-user access is governed by Azure AD SSO. A set of tokens is acquired during SSO login for the user and is stored in the Azure Key Vault against the user's masked identifier.

Additional configuration is required. See below.

...

  1. D s config
  2. Verify that the following parameter is set to system:

    "azure.adlsgen2.mode": "system",


  3. Save your changes.
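The check below is an added example, not code from the product or its documentation: it confirms that a configuration set to system mode also defines the three registered-application parameters listed above. It assumes the settings are available as JSON text with either flat dotted keys or nested objects, and that "user" is the literal value for user mode; the function names and sample values are constructed for illustration.

```python
import json

MODE_KEY = "azure.adlsgen2.mode"
# Parameters the page lists as defining the registered application in Azure AD.
SYSTEM_KEYS = ("azure.applicationId", "azure.secret", "azure.directoryId")


def lookup(config, dotted_key):
    """Resolve a dotted key stored either flat ("a.b": v) or nested ({"a": {"b": v}})."""
    if dotted_key in config:
        return config[dotted_key]
    node = config
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_adls_mode(config_text):
    """Return {"mode", "errors", "notes"} for the ADLS access-mode settings."""
    config = json.loads(config_text)
    mode = lookup(config, MODE_KEY)
    report = {"mode": mode, "errors": [], "notes": []}
    if mode == "system":
        for key in SYSTEM_KEYS:
            value = lookup(config, key)
            if not isinstance(value, str) or not value.strip():
                report["errors"].append(f"{key} must be defined for system mode")
        report["notes"].append("all users share the registered application's ADLS permissions")
    elif mode == "user":  # assumed literal; the page only shows "system"
        report["notes"].append("requires SSO for Azure AD and a Databricks 8.3 cluster")
    else:
        report["errors"].append(f"{MODE_KEY} is {mode!r}, expected 'system' or 'user'")
    return report


# Constructed sample inputs (placeholder values, not real credentials).
FLAT_OK = json.dumps({
    "azure.adlsgen2.mode": "system",
    "azure.applicationId": "00000000-0000-0000-0000-000000000000",
    "azure.secret": "PLACEHOLDER-SECRET",
    "azure.directoryId": "11111111-1111-1111-1111-111111111111",
})
NESTED_MISSING_SECRET = json.dumps({"azure": {
    "adlsgen2": {"mode": "system"}, "applicationId": "0000", "secret": "  ", "directoryId": "1111"}})

if __name__ == "__main__":
    print(check_adls_mode(NESTED_MISSING_SECRET))
```
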

User mode access

In user mode, a user ID hash is generated from the Key Vault key/secret and the user's AD login. This hash is used to generate the access token, which is stored in the Key Vault. A set of tokens is acquired during SSO login for the user and is stored in the Azure Key Vault against the user's masked identifier.

Pre-requisites:

  • D s platform must be integrated with a Databricks 8.3 cluster. For more information, see Configure for Azure Databricks.
  • User mode access to ADLS requires Single Sign On (SSO) to be enabled for integration with Azure Active Directory. For more information, see Configure SSO for Azure AD.

...