Workload Identities (Azure Only)
How to authenticate using workload identities instead of user credentials.
Workload identities enable you to define a cloud workload that will have access to your Deep Lake organization without authenticating using Deep Lake user tokens. This enables users to manage and define Deep Lake permissions for jobs that may not be attributed to a specific user.
Set up a Workload Identity using the following steps:
1. Define an Azure Managed Identity in your cloud
2. Attach the Azure Managed Identity to your workload
3. Create a Deep Lake Workload Identity using the Azure Managed Identity
4. Run the workload in Azure
Navigate to Managed Identities in Azure. Click Create a Managed Identity. Select the Subscription and Resource Group containing the workload, and give the Managed Identity a Name. Click Review + Create.
When creating or updating a resource that will serve as the Client running Deep Lake, assign the Managed Identity from Step 1 to this resource.
For example, in Azure Machine Learning Studio, when creating a compute instance, toggle Assign Identity and select the Managed Identity from Step 1.
Navigate to the Permissions tab for your organization in the Deep Lake App, locate the Workload Identities, and select Add.
Specify a Display Name, Client ID (for the Managed Identity), and Tenant ID. The Client ID can be found in the main page for the Managed Identity, and the Tenant ID can be found in Tenant Properties in Azure. Click Add.
Specify the environment variables below in the Deep Lake client and run other Deep Lake APIs as normal.
Note: the CLIENT_ID below is for the compute instance, not the Managed Identity.
Specifying the AZURE_CLIENT_ID is not necessary in some environments because the correct value may automatically be set.
For a compute instance in the Azure Machine Learning Studio, the Client ID can be found in instance settings below:
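An added example, not part of the Deep Lake documentation or client: a pre-flight check that decodes an Azure access token obtained inside the workload and reports whether the client ID and tenant ID it carries match the values you expect, which helps tell the compute instance's client ID apart from the Managed Identity's. The function names, the placeholder GUIDs and the sample token are constructed for illustration, and the check only inspects claims; it does not verify the token signature and is not how Deep Lake validates the identity.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def identity_mismatches(token: str, client_id: str, tenant_id: str) -> list:
    """Compare the token's identity claims with the expected Client ID and Tenant ID."""
    claims = jwt_claims(token)
    # Entra ID v1.0 access tokens carry the client ID in "appid", v2.0 tokens in "azp".
    presented_client = claims.get("appid") or claims.get("azp")
    problems = []
    if (presented_client or "").lower() != client_id.lower():
        problems.append(f"client ID: token has {presented_client!r}, expected {client_id!r}")
    if (claims.get("tid") or "").lower() != tenant_id.lower():
        problems.append(f"tenant ID: token has {claims.get('tid')!r}, expected {tenant_id!r}")
    return problems


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token so the check runs offline (constructed data)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed placeholder GUIDs, not real identities.
MANAGED_IDENTITY_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
COMPUTE_INSTANCE_CLIENT_ID = "22222222-2222-2222-2222-222222222222"
TENANT_ID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"

# Sample token that presents the compute instance's client ID (constructed).
SAMPLE_TOKEN = _constructed_token({"appid": COMPUTE_INSTANCE_CLIENT_ID, "tid": TENANT_ID})

if __name__ == "__main__":
    found = identity_mismatches(SAMPLE_TOKEN, MANAGED_IDENTITY_CLIENT_ID, TENANT_ID)
    for line in found or ["token matches the expected client ID and tenant ID"]:
        print(line)
```

In a real workload, replace SAMPLE_TOKEN with a token fetched through the azure-identity package, for example `ManagedIdentityCredential(client_id=...).get_token("https://management.azure.com/.default").token`; the scope shown is an assumption chosen only to obtain a token to inspect.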