config_azure with AAD | Teradata DSA Commands - 17.20 - config_azure with Azure Active Directory - BAR - Data Stream Architecture

Teradata® DSA User Guide

Data Stream Architecture
Release Number
November 2022
English (United States)
Last Update


The DSA Azure AD helps prevent unauthorized access to the storage accounts. To prevent it, Teradata implemented Azure AD with DSA using the client's secret credentials approach based on the Authentication with service principles.

The config_azure command configures the Microsoft Azure Server in the DSA repository based on parameter files.

During configuration, enter the following parameters:
  1. Tenant_id (Azure AD tenant)
  2. Client_id (Registered app ID)
  3. Client_secret (Client secret value)

Here is a representation of the high-level architecture:



  1. Register an app in the Azure portal to get the client ID, Azure AD tenant ID.
  2. Create a client secret from the Azure portal to get the client's secret value.

Register app and assign role in the Azure portal

To register app and assign role, follow these steps:

  1. In the Azure portal, click app registration from your AD tenant.
    1. Enter app name.
    2. Leave redirect URL blank.
    3. Note the client ID and tenant ID.
  2. Create client secret for your registered app and note the client secret value. See
  3. To assign role for your storage account, see


config_azure -f|-file FILE


config_azure -f file1.xml


f|file filename
The full path and name of the file containing the necessary configuration parameters.
u|user_authentication User
Required when security management is enabled. Supplies the command with the Viewpoint user, and triggers a password prompt for authentication.

Permissions required: Administrator role

Usage Notes

Enter tenant ID, client ID, and client secret value for the Azure storage account.

XML File Example

Here’s a representative XML file. Note that "/" must follow the prefix_name to use it as a folder.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<dscConfigAzureBlobStorage xmlns="">
<!-- 'Storage account' - Required, max length 24, lowercase -->
 <!-- 'Storage account enumeration ' - Required, valid values: cool, hot -->
 <!-- Specialized endpoint for Azure Independent Clouds e.g. AzureUSGovernment,    
  AzureChinaCloud and AzureGermanCloud - Optional -->
 <!--'Blob container name' - Required, max length 63, lowercase, at least one -->
      <!-- 'Prefix name' - Required, max length 256, at least one -->