# ADLS Gen2 > ADLS Gen2 - How to connect to the native ADLS Gen2 connector. This Markdown file sits beside the HTML page at the same path (with a `.md` suffix). It summarizes the topic and lists links for tools and LLM context. Companion generated at `2026-05-01T23:10:48.099827+00:00` (UTC). ## Primary page - [ADLS Gen2](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html): Full documentation for this topic (HTML). ## Sections on this page - [Supported authentication](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#supported-authentication): In-page section heading. - [OAuth](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#oauth): In-page section heading. - [Register the DataRobot application in Azure](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#register-the-datarobot-application-in-azure): In-page section heading. - [Configure access to the storage account](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#configure-access-to-the-storage-account): In-page section heading. - [Mark the application as publisher verified](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#mark-the-app-as-publisher-verified): In-page section heading. - [Azure service principal](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#azure-service-principal): In-page section heading. - [Register the DataRobot application in Azure](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#register-the-datarobot-application-in-azure): In-page section heading. - [Set up a connection in DataRobot](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#set-up-a-connection-in-datarobot): In-page section heading. - [Required parameters](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#required-parameters): In-page section heading. - [Feature considerations](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#feature-considerations): In-page section heading. ## Related documentation - [Reference documentation](https://docs.datarobot.com/en/docs/reference/index.html): Linked from this page. - [Data reference](https://docs.datarobot.com/en/docs/reference/data-ref/index.html): Linked from this page. - [Supported data stores](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/index.html): Linked from this page. - [connecting to a data source](https://docs.datarobot.com/en/docs/workbench/nxt-workbench/dataprep/add-data/connect.html#connect-to-a-data-source): Linked from this page. ## Documentation content # ADLS Gen2 ## Supported authentication - OAuth - Azure service principal ## OAuth ### Register the DataRobot application in Azure For the Microsoft identity platform to provide OAuth 2.0 authentication and authorization services for an application and its users, the application must be registered in the Azure portal with the associated parameters configured. Once this step is done, you will have the following information required for setup in DataRobot: - Client ID - Client secret - Scope - Properly configured end-user permissions for role-based access control To register a DataRobot application in the Azure portal and configure its parameters, follow the instructions in the [Microsoft Entra documentation](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app): 1. Under Supported account types , select Accounts in any organizational directory and personal Microsoft accounts or Accounts in any organizational directory . 2. After the initial registration is complete, copy the Application ID (Client ID) on the Overview page. 3. Configure a redirect URI . In Configure platform settings , select Web and enter a redirect URI as follows: https:///account/adls/adls_oauth_authz_return (e.g., `https://app.datarobot.com/account/adls/adls_oauth_authz_return). The first part is where you installed the DataRobot application. 4. Configure a client secret. InCertificates & secrets, select theClient secretstab and clickNew client secret. Copy the client secret value (you won't be able to copy this later). NoteEach client secret has an expiration date. To avoid OAuth outages, periodically create a new client secret. Once a new client secret is created, you must update all associated credentials. 5. Configure the permissions (scope): If the user already has access to the data in the storage account, you can skip [Configure access to the storage account](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/wb-adls.html#configure-access-to-the-storage-account). ### Configure access to the storage account To allow the DataRobot app to access files or objects under a storage account on behalf of the user, the user must first be granted access to the storage account files and objects. Azure role-based access control (RBAC) is recommended. See the [Microsoft Azure documentation](https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control-model) for more information. To set up RBAC, follow the instructions in the [Microsoft Azure documentation](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=delegate-condition) using the following parameters: - For Step 3: Select the appropriate role , choose Storage Blob Data Reader . - For Step 4: Select who needs access , choose the user or group you want to grant access to. ### Mark the application as publisher verified Mark the DataRobot application as publisher verified using the instructions in the [Microsoft Entra documentation](https://learn.microsoft.com/en-us/entra/identity-platform/mark-app-as-publisher-verified). ## Azure service principal ### Register the DataRobot application in Azure To support the Azure service principal account, you must create and register a DataRobot application in the Azure portal, and configure its permissions. Once this step is done, you will have the following information required for setup in DataRobot: - Client ID - Client secret - Tenant ID - Properly configured service principal permissions for role-based access control To register a DataRobot application in the Azure portal and configure its parameters, follow the instructions in the [Microsoft Entra documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal): > [!NOTE] Note > Configuring a redirect URI is optional for service principal connections. 1. Under Supported account types , select Accounts in this organizational directory only . Note that you will need the name of the application to assign permissions. 2. After the initial registration is complete, copy the Application ID (Client ID) and Directory ID (Tenant ID) on the Overview page. 3. Assign a role to the application . Set the role name to Storage Blob Data Reader . If you want to set permissions at the storage account level, select the appropriate storage account and follow the instructions. 4. Configure a client secret. InCertificates & secrets, select theClient secretstab and clickNew client secret. Copy the client secret value (you won't be able to copy this later). NoteEach client secret has an expiration date. To avoid OAuth outages, periodically create a new client secret. Once a new client secret is created, you must update all associated credentials. ## Set up a connection in DataRobot To connect to ADLS Gen2 in DataRobot (this example uses service principal): 1. Open Workbench and select a Use Case. 2. Follow the instructions for connecting to a data source . 3. Enter the Azure Storage Account Name , the subdomain name of your unique Azure URL. 4. UnderAuthentication, clickNew credentialsand select an authentication method. Then, enter therequired parametersretrieved in the previous sections, and a unique display name. If you've previously added credentials for this data source, you can select it from your saved credentials. 5. ClickSave. ## Required parameters The table below lists the minimum required fields to establish a connection with ADLS Gen2: **OAuth:** Required field Description Notes Azure storage account name A unique name for your Azure storage account, which contains all your Azure Storage data objects. Microsoft documentation Client ID A unique value that identifies an application in the Microsoft identity platform. Microsoft documentation Client Secret Credentials used by confidential client applications that access a web API. Microsoft documentation Scope Permissions-based access to web API resources for authorized users and client apps that access the API. Microsoft documentation **Service principal:** Required field Description Notes Azure storage account name A unique name for your Azure storage account, which contains all your Azure Storage data objects. Microsoft documentation Client ID A unique value that identifies an application. Microsoft documentation Client Secret Credentials used by confidential client applications that access a web API. Microsoft documentation Azure Tenant ID A unique identifier for your Microsoft Entra tenant, which represents an organization. Microsoft documentation > [!NOTE] Optional parameters > 'File System Name' and 'Data Store Root Directory' are optional parameters. If specified, you can browse the files and folders within the specified file system or root directory directly from DataRobot. ## Feature considerations Consider the following when connecting to ADLS Gen2 in DataRobot. - The ADLS Gen2 connector does not support: