Azure Workload Identities¶
How to authenticate using workload identities instead of user credentials.
Authenticating Using Workload Identities Instead of User Credentials¶
Workload identities enable you to define a cloud workload that will have access to your Deep Lake organization without authenticating using Deep Lake user tokens. This enables users to manage and define Deep Lake permissions for jobs that many not be attributed to a specific user.
Set up a Workload Identity using the following steps:
- Define an Azure Managed Identity in your cloud
- Attached the Azure Managed Identity to your workload
- 
Create a Deep Lake Workload Identity using the Azure Managed Identity 
- 
Run the workload in Azure 
Step 1: Define the workload identity in Azure¶
- 
Navigate to Managed Identities in Azure 
- 
Click Createa Managed Identity
- 
Select the SubscriptionandResource Groupcontaining the workload, and give the Managed Identity aName. ClickReview + Create.
Step 2: Attached the Azure Managed Identity to your workload¶
When creating or updating a resource that will serve as the Client running Deep Lake, assign the Managed Identity from Step 1 to this resource.
For example, in Azure Machine Learning Studio, when creating a compute instance, toggle Assign Identity and select the Managed Identity from Step 1.
Step 3: Create a Deep Lake Workload Identity using the Azure Managed Identity¶
Navigate to the Permissions tab for your organization in the Deep Lake App, locate the Workload Identities, and select Add.
Specify a Display Name, Client ID (for the Managed Identity), and Tenant ID. The Client ID can be found in the main page for the Managed Identity, and the Tenant ID can be found in Tenant Properties in Azure. Click Add.
Step 4: Run the workload¶
Specify the environmental variables below in the Deep Lake client and run other Deep APIs as normal.
#### THIS IS THE CLIENT_ID FOR THE COMPUTE INSTANCE
#### NOT THE MANAGED IDENTITY 
os.environ["AZURE_CLIENT_ID"] = azure_client_id
os.environ["ACTIVELOOP_AUTH_PROVIDER"] = "azure"
Specifying the AZURE_CLIENT_ID is not necessary in some environments because the correct value may automatically be set.
For a compute instance in the Azure Machine Learning Studio, the Client ID can be found in instance settings below:






