ADF Integration
Overview
This guide outlines the permissions and service principal required to fully integrate the Loome application with Azure Data Factory (ADF). These configurations are essential for enabling key features related to metadata harvesting.
You need to configure a Service Principal with ADF permissions so that Loome can read metadata about the pipelines and activities in each ADF factory.
Set up the Service Principal for ADF
Required Account: Microsoft Entra ID Administrator
First, set up a service principal and give it permissions to ADF, so that the ADF metadata is read into Loome Portal as assets and activities.
- Navigate to https://portal.azure.com and sign in as a Microsoft Entra ID administrator.
- Go to Microsoft Entra ID > App Registrations.
- Click on ‘New Registration’.
- Provide a name, such as ‘Loome ADF Sync’ or a name that suits your organisation’s naming conventions.
- No other settings need to be configured on this page.
- Click on ‘Register’.
- On the ‘Overview’ page of the App Registration, note the following information, as it will need to be entered into the Loome Portal tenant:
- Application (client) ID
- Directory (tenant) ID
- Go to ‘Certificates & secrets’ from the left navigation menu.
- Click on ‘New client secret’ and, in the ‘Add a client secret’ slide-out:
- Provide a description indicating its use within Loome Portal.
- Set an appropriate expiry date based on your tenant guidelines.
- NOTE: Renewing this secret and updating Loome Portal will become a recurring task, with the frequency determined by the expiry date you set.
- Click ‘Add’ at the bottom.
- Note the ‘Value’ field of the newly added secret as it will need to be entered into the Loome Portal tenant.
Please note that renewing the client secret is a recurring task: each time the secret expires, you will need to renew it and update Loome Portal with the new value. How often this happens depends on the expiry date you have set.
Assigning Permissions to the ADF Service Principal
Required Account: Microsoft Entra ID account with permission management to each Data Factory
Next, grant the Service Principal permissions on each Data Factory that should be synced to Loome Portal.
- For each Data Factory:
- Navigate to your Azure Data Factory in https://portal.azure.com
- Go to ‘Access control (IAM)’ from the left navigation menu.
- Click on ‘Add’ and then ‘Add role assignment’.
- Under ‘Job function roles’, find the ‘Reader’ role and select it, click ‘Next’.
- Click on ‘+ Select Members’.
- Find the previously created Service Principal, select it, and then click on ‘Select’.
- Click on ‘Review and Assign’ and complete the permission assignment.
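To confirm the result of the steps above, the following added example (not part of Loome's or Microsoft's own tooling) audits the Service Principal: it flags any role other than ‘Reader’, any ‘Reader’ assignment not scoped to a Data Factory, any expected factory that was missed, and client secrets close to expiry. It assumes the input is JSON in the shape returned by `az role assignment list --assignee <client-id> --all` and `az ad app credential list --id <client-id>`; the function names, the factory names and the sample data are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Resource ID shape of a Data Factory; 'Reader' should be scoped exactly here.
FACTORY_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.DataFactory/factories/[^/]+$", re.IGNORECASE)

def audit_role_assignments(assignments, expected_factories):
    """Return a list of findings for the service principal's role assignments."""
    findings, seen = [], set()
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        if role != "Reader":
            findings.append(f"unexpected role {role!r} at {scope}")
        elif not FACTORY_SCOPE.match(scope):
            findings.append(f"Reader granted outside a Data Factory scope: {scope}")
        else:
            seen.add(scope.rsplit("/", 1)[1].lower())
    for name in expected_factories:
        if name.lower() not in seen:
            findings.append(f"factory {name!r} has no Reader assignment")
    return findings

def secrets_expiring(credentials, now, warn_days=30):
    """Return display names of secrets already expired or ending within warn_days."""
    limit = now + timedelta(days=warn_days)
    expiring = []
    for c in credentials:
        # Keep only whole seconds so fractional timestamps also parse.
        end = datetime.strptime(c["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        if end.replace(tzinfo=timezone.utc) <= limit:
            expiring.append(c["displayName"])
    return expiring

# Constructed sample data (placeholder subscription ID, not real tenant output).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = [
    {"roleDefinitionName": "Reader", "scope": SUB
     + "/resourceGroups/rg-data/providers/Microsoft.DataFactory/factories/adf-sales"},
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-data"},
    {"roleDefinitionName": "Reader", "scope": SUB},
]
SAMPLE_CREDENTIALS = [
    {"displayName": "Loome Portal ADF sync", "endDateTime": "2025-07-01T00:00:00Z"}]

if __name__ == "__main__":
    for f in audit_role_assignments(SAMPLE_ASSIGNMENTS, ["adf-sales", "adf-finance"]):
        print("FINDING:", f)
    now = datetime(2025, 6, 15, tzinfo=timezone.utc)
    print("Secrets to renew:", secrets_expiring(SAMPLE_CREDENTIALS, now))
```

An empty findings list means the Service Principal holds only the ‘Reader’ role, and only on the factories you intend to sync.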