Prerequisites

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Before installing and configuring the Azure Data Factory OCF connector, ensure that you configure the network connectivity, set up the service account, and your Azure account for authentication.

To obtain the access token necessary for accessing the Azure API, ensure the following properties are set up for authentication:

  • Client ID

  • Client Secret

  • Grant Type

  • Resource Group Name

  • Subscription ID

  • Scope

  • Tenant ID

Create a Service Account

Create a service account for Azure Data Factory that can be used by Alation to authenticate the server. The service account helps in registering an OAuth client and obtaining the client credentials containing a client ID and a client secret key. This used to authenticate with Azure data factory Rest API.

Register an Application with Microsoft Entra ID

You need to register an application to get a client ID and secret. Then, add a scope and assign a contributor role for the application.

Obtain Client ID

To obtain a client ID, follow these steps:

  1. Log on to the Azure portal as an administrator.

  2. Go to Microsoft Entra ID > App registration > New Registration.

  3. Enter name for an application.

  4. Register the application.

Note

From the Overview section, copy and keep the client ID for future use.

Obtain Client Secret

To obtain a client secret, follow these steps:

  1. Open the application that you created in the previous steps.

  2. On the left pane, open the Manage section.

  3. Navigate to Certificates & secrets > New client secret.

  4. Enter a description and an expiry date.

Note

Copy and keep the client secret for future use.

Add Scope to the Registered Application

To add a scope to the registered application, follow these steps:

  1. Open the application that you created in the previous steps.

  2. On the left pane, open the Manage section.

  3. Select Expose an API and click Add Scope.

  4. Follow the on-screen instructions and select who can consent as Admin & User.

  5. Set the scope to Files and Read.

Assign a Contributor Role to the Registered Client

To assign a contributor role to the registered client, follow these steps:

  1. In Azure portal, navigate to the Resource group page.

    ../../../_images/adf-asign-contributor-role.png
  2. On the left pane, navigate to Access Control (IAM) > Role Assignment > Add.

  3. Select a role for Contributor and click Next.

  4. On the Add role assignment screen, click on Add member.

  5. Search for and Select the Azure application that you created during app registration.

Permissions for Metadata Extraction

The minimum permission required for metadata extraction (MDE) is to have a read access to the files.