Account Access Identifiers in Azure

Azure applications are identities in Microsoft Entra ID that are used to delegate access to resources in an Azure AD tenant. An enterprise application (or service principal) is an instance of an application registration that can exist in a single tenant or multi-tenant. Each service principal only has access to the resources in the AD directory (tenant) in which it exists.

To learn more about Azure applications and service principals, visit Azure App objects and service principals ↗

Types of Applications used in Bobsled

Bobsled-managed Application (Simplest approach)

For each share with a destination to Azure Blob Storage, a Bobsled-managed application can be requested with access to the Bobsled-managed destination container. To access the container with the Bobsled-managed Application, up to 100 secrets or "passwords" can be generated within Bobsled. These secrets are used to authenticate with the service principal on the command line and access the data in the Bobsled-managed destination container present in Bobsled's Azure tenant.

Consumer-managed Application (advanced)

Using a Consumer-managed application, a consumer of a share can manage and use their own Azure application registration with their own secret credentials. Bobsled will grant the application access to the data in the Bobsled-managed destination container present in Bobsled's Azure tenant. This application must be registered as multi-tenant.

How does Bobsled use Azure Applications?

Bobsled utilizes Azure enterprise applications to authorize access to Azure resources through Microsoft Entra ID. Bobsled provides each service principal with the ability to generate a Shared Access Token (SAS Token) to copy and sync the data from the Bobsled-managed destination container to a container of your choice.

To learn how to configure a Azure Blob Storage destination, please visit Azure Blob Storage destination