Identity and Access Management

Controlling who gets access to the resources in your analytics pipeline and what they can do once they have access is the goal of identity and access management. This boils down to these main concepts:

Identity

Who are the users or groups?

Authentication

How do you verify that a user or application is who they say they are?

Authorization

What do you let the user or application do?

The actual mechanisms provided for defining identities, authenticating identities, and authorizing actions varies by Azure service, but can be distilled to the following, which we’ll call access management mechanisms:

Azure Active Directory identities

Using Azure Active Directory (AAD) to manage user identities, application identities, and group identities.  

Shared keys

Typically a username and password or a key name and secret value. 

Shared access signatures

Cryptographically secured URIs that encapsulate a resource and the permissions allowed on that resource in a convenient URL format. The canonical example of this is Azure Blob Storage, which enables you to manage access to an account, container, or blob and specify what the user is allowed to do with ...