This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 70%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
We have a requirement to download a file via SFTP. To test we used SFTP (preview) with Datalake storage. SFTP file download worked after performing the following steps:
Create storage account
Enable SFTP (preview)
Create container
Upload file to container through portal
Add a local user with all permissions
Download file with user connection string and password. Tested with Powershell and then our device, both worked.
Now we would like to create an app to maintain local users in the portal. In our case a local user is a device. The requirement is that each device is a unique local user. Our app will list all users (devices) for a storage account. The app will be able to create or delete a local user (device) in Azure. The problem is I have not found a way to programmatically add a local user. As well there is a limitation of 1000 local users per storage account. There can be thousands of devices. Lastly, we would like to be able to group devices by location. Is it possible to programmatically create local users? Can we programmatically get a list of users in the portal? What is the recommended design approach to accomplish our goal of creating an app to maintain devices in Azure storage?
An Azure service that stores unstructured data in the cloud as blobs.
Based on your description, I believe, you can use Azure AD with Storage to ensure that you have limitless user management features. With Azure AD and Azure role based access control, you can grand permissions to a security principal (user, group or application service principal).
Hope this helps
Azure Storage doesn't support shared access signature (SAS), or Azure Active directory (Azure AD) authentication for accessing the SFTP endpoint. Instead, you must use an identity called local user that can be secured with an Azure generated password or a secure shell (SSH) key pair. To grant access to a connecting client, the storage account must have an identity associated with the password or key pair. That identity is called a local user.
Yes, You are right.
Local users are the only form of Identity management that is currently supported.
Can you look in to architect your solution to use different storage accounts to achive the scale. If you are planning to do so, keep in mind the storage account limits