Atlan supports service principal authentication for fetching metadata from Microsoft Azure Data Factory. This method requires a client ID, client secret, and tenant ID.
Register app with Microsoft Entra ID
🤓 Who can do this? You will need your Cloud Application Administrator or Application Administrator to complete these steps — you may not have access yourself. This will be required if the creation of registered applications is not enabled for the entire organization.
You will need to register your service principal application with Microsoft Entra ID and note down the values of the tenant ID, client ID, and client secret.
To register your app with Microsoft Entra ID:
- Log in to the Azure portal.
- In the search bar, search for Microsoft Entra ID, and select it from the dropdown list.
- From the left menu of the Microsoft Entra ID page, click App registrations.
- From the toolbar on the App registrations page, click + New registration.
- On the Register an application page, for Name, enter a name for your service principal application and then click Register.
- On the homepage of your newly created application, from the Overview screen, copy the values for the following fields and store them in a secure location:
  - Application (client) ID
  - Directory (tenant) ID
- From the left menu of your newly created application page, click Certificates & secrets.
- On the Certificates & secrets page, under Client secrets, click + New client secret.
- In the Add a client secret screen, enter the following details:
  - For Description, enter a description for your client secret.
  - For Expiry, select when the client secret will expire.
  - Click Add.
- On the Certificates & secrets page, under Client secrets, for the newly created client secret, click the clipboard icon to copy the Value and store it in a secure location.
Set permissions
🤓 Who can do this? You will need your Microsoft Azure Data Factory administrator to complete these steps — you may not have access yourself.
You will need to add the service principal to the Reader role. This will allow the service principal read-only access to your Microsoft Azure Data Factory account.
To add the service principal to the Reader role:
- Log in to the Azure portal.
- Open the menu and search for or select Data factories.
- On the Data factories page, select the data factory you want to crawl in Atlan.
- From the left menu of your data factory page, click Access control (IAM).
- From the tabs along the top of the Access control (IAM) page, click Add and then click Add role assignment.
- On the Add role assignment page, configure the following:
  - In the Roles tab, from the list of roles under Job function roles, select Reader — this allows read-only access to your data factory — and then click Next. You will need to assign this role to all the data factories you want to crawl in Atlan.
  - In the Members tab, enter the following details:
    - For Assign access to, click User, group, or service principal.
    - For Members, click + Select members and then select the service principal you created. Click Next to proceed to the next step.
  - In the Review + assign tab, click Review + assign to add role assignment.
Atlan will extract metadata from all the data factories you specified in your Microsoft Azure Data Factory account with Reader access.
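To confirm that the result of the steps above is read-only and scoped to individual data factories, the following added example (not part of Atlan's documentation or tooling) audits the service principal's role assignments. It assumes input shaped like the JSON from `az role assignment list --assignee <client-id> --all --output json`; the function name, subscription ID, resource group, and factory names are constructed for illustration.

```python
import re

# ARM resource ID of a single data factory (resource IDs are case-insensitive).
FACTORY_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.DataFactory/factories/([^/]+)$",
    re.IGNORECASE,
)

def audit_assignments(assignments, expected_factories):
    """Return (findings, missing).

    findings: assignments that are not Reader on exactly one data factory.
    missing:  expected factories with no factory-scoped Reader assignment.
    """
    findings, covered = [], set()
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").rstrip("/") or "/"
        match = FACTORY_SCOPE.match(scope)
        if role != "Reader":
            findings.append(f"unexpected role {role!r} at {scope}")
        elif not match:
            findings.append(f"Reader granted outside a single data factory: {scope}")
        else:
            covered.add(match.group(1).lower())
    missing = sorted(f for f in expected_factories if f.lower() not in covered)
    return findings, missing

# Constructed sample data (placeholder subscription ID and names).
# In real use, load the list with json.load() from the saved CLI output.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-data"
SAMPLE = [
    {"roleDefinitionName": "Reader",
     "scope": RG + "/providers/Microsoft.DataFactory/factories/adf-sales"},
    {"roleDefinitionName": "Reader", "scope": RG},
    {"roleDefinitionName": "Data Factory Contributor",
     "scope": RG + "/providers/Microsoft.DataFactory/factories/adf-finance"},
]

if __name__ == "__main__":
    findings, missing = audit_assignments(SAMPLE, ["adf-sales", "adf-finance"])
    for f in findings:
        print("FINDING:", f)
    for m in missing:
        print("MISSING Reader on factory:", m)
```

A factory that is readable only through a broader Reader assignment appears in both lists, because the steps on this page assign the role on each data factory individually.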