Versions Compared

Old Version 5

changes.mady.by.user Claudiu Barbura

Saved on

compared with

New Version Current

changes.mady.by.user Ciprian LUCACI

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • LHO deployment scripts create and configure an App Registration in your Azure portal Microsoft Azure portal App Registrations for Azure AD Single Sign-On and as the application identity for calling downstream Databricks APIs for background telemetry data analysis

  • LHO requires an administrator rights when running deployment scripts.

  • Configurations done automatically by the deployment scripts:

    • Creates an Azure AD App Registration that will be used as a Service Principal for Azure AD Single Sign-On

      • this service principal is of type system-assigned managed identity (learn more at “Managed Identities Types”)

    • Creates an App Registration in your Azure portal Microsoft Azure portal App Registrations

      • sets a name for the Service Principal. This name will be used later to assign roles

    • Sets the redirect uri to https://{FQDN}/login/oauth2/code/azure where FQDN is the url the LHO Application is published with

    • Creates a secret (Certificates & Secrets tab) named msft-provider-auth-secret , also known as client secret

      • in Azure Key Vault sets the LHO secret msft-provider-auth-secret to <value-of-msft-provider-auth-secret>. The Azure Key Vault instance was already created by the LHO deployment script with the name specified during deployment process.

    • Enables ID Tokens in the Authentication tab

    • sets clientId, tenantId as public variables for LHO .env file (3)

  • you can find the created Service Principal by searching in Microsoft Azure portal App Registrations with the clientId exposed in the LHO Workspace Settings

...

💰Consumption Data Authentication

...