Azure User-Assigned Managed Identity

You can use an Azure user-assigned managed identity to connect an Azure Cosmos DB to DSPM.

In Azure Portal:

  1. Create an Azure user-assigned managed identity. Alternatively, you can use an existing user-assigned managed identity.
  2. Assign the user-assigned managed identity to the data store.
  3. Create a private endpoint. This endpoint will be used to allow access to the data store from a virtual network (VNet).
  4. Create a custom VNet. For instructions, see Azure Deployment Using Existing Networking Resources.
  5. Connect the private endpoint to the custom VNet.
  6. Grant the user-assigned managed identity the Cosmos DB Account Reader Role on the data store. For example:
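
Step 6 as Azure CLI, added here as an example; it is not part of the DSPM documentation or of Azure's own tooling. It assumes the identity's resource ID (the format shown in the DSPM step 5 example) in UAMI_ID and the Cosmos DB account's resource ID in COSMOS_ID (a constructed placeholder), scopes the role to that single account, and only prints the commands unless APPLY=1 is set.

```bash
#!/usr/bin/env bash
# Added example, not part of the DSPM documentation or of Azure's tooling.
# Builds (and with APPLY=1 runs) the Azure CLI calls for step 6 of the portal
# procedure, then lists what the identity actually holds on the account.
# Assumptions: UAMI_ID is the user-assigned managed identity resource ID (the
# page's example value below), COSMOS_ID is the Cosmos DB account resource ID
# (a constructed placeholder); the role name comes from the page.
set -euo pipefail

ROLE_NAME="Cosmos DB Account Reader Role"
SAMPLE_UAMI_ID="/subscriptions/8a432cb8-7b8d-49ad-8bbe-747f943a9262/resourceGroups/abc-azure-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/abc-user-managed-id"
SAMPLE_COSMOS_ID="/subscriptions/8a432cb8-7b8d-49ad-8bbe-747f943a9262/resourceGroups/abc-azure-resource-group/providers/Microsoft.DocumentDB/databaseAccounts/example-cosmos-account"

# The DSPM step 5 example is an identity resource ID; reject anything else
# (a bare GUID, a subscription or resource group path) before it is used.
uami_id_is_valid() {
  [[ "$1" =~ ^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+/providers/Microsoft\.ManagedIdentity/userAssignedIdentities/[^/]+$ ]]
}

# Grant the reader role scoped to the one Cosmos DB account, not the resource
# group or subscription: least privilege for the DSPM connection.
role_assignment_cmd() {
  printf 'az role assignment create --assignee-object-id %s --assignee-principal-type ServicePrincipal --role "%s" --scope %s' \
    "$1" "$ROLE_NAME" "$2"
}

# Post-check: every role the principal holds on the account, so a grant
# broader than the reader role (added by hand, inherited) is visible.
role_audit_cmd() {
  printf 'az role assignment list --assignee %s --scope %s --query "[].roleDefinitionName" -o tsv' "$1" "$2"
}

# Dry run by default: print the command; with APPLY=1 execute it.
run() { if [[ "${APPLY:-0}" == 1 ]]; then eval "$1"; else echo "$1"; fi; }

main() {
  local uami_id="${UAMI_ID:-$SAMPLE_UAMI_ID}" cosmos_id="${COSMOS_ID:-$SAMPLE_COSMOS_ID}"
  uami_id_is_valid "$uami_id" || { echo "not a user-assigned identity resource ID: $uami_id" >&2; return 1; }
  local principal_id='<principalId>'   # placeholder shown in dry-run output
  if [[ "${APPLY:-0}" == 1 ]]; then
    principal_id="$(az identity show --ids "$uami_id" --query principalId -o tsv)"
  fi
  run "$(role_assignment_cmd "$principal_id" "$cosmos_id")"
  run "$(role_audit_cmd "$principal_id" "$cosmos_id")"
}
main
```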

In DSPM:

  1. Select Inventory > Data Stores.
  2. Select the Data Stores tab.
  3. Select a data store.
  4. Select the Connect tab.

  5. Enter the following information:
    • Connection Type: Select Azure User Managed Identity.
    • User Managed Identity ID: Enter the object ID of the user-assigned managed identity.

      Example:

      /subscriptions/8a432cb8-7b8d-49ad-8bbe-747f943a9262/resourceGroups/abc-azure-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/abc-user-managed-id

  6. Click Submit.