Retrieve the IP address of a Workflow Orchestration Manager cluster
APPLIES TO: 
Azure Data Factory 
Azure Synapse Analytics
Tip
Try out Data Factory in Microsoft Fabric, an all-in-one analytics solution for enterprises. Microsoft Fabric covers everything from data movement to data science, real-time analytics, business intelligence, and reporting. Learn how to start a new trial for free!
Note
This feature is in public preview. Workflow Orchestration Manager is powered by Apache Airflow.
This article demonstrates how to retrieve and add the IP address associated with your Workflow Orchestration Manager cluster to your storage firewall's allowlist. This enhances the security of data stores and resources by restricting access solely to the Workflow Orchestration Manager cluster within Azure Data Factory, preventing access from all other IP addresses via the public endpoint.
Note
Importing DAGs is currently not supported by using blob storage with IP allow listing or by using private endpoints. We suggest using Git sync instead.
Prerequisites
- Azure subscription: If you don't have an Azure subscription, create a free Azure account before you begin.
Retrieve the bearer token for the Airflow API
- Similar to the authentication process used in the standard Azure REST API, acquiring an access token from Microsoft Entra ID is required before you make a call to the Airflow REST API. For more information on how to obtain the token from Microsoft Entra ID, see Azure REST API reference.
- Also, the service principal used to obtain the access token needs to have at least a Contributor role on the Azure Data Factory instance where the Airflow integration runtime is located.
For more information, see the following screenshots.
Use the Microsoft Entra ID API call to get an access token.
Use the access token acquired as a bearer token from step 1 to invoke the Airflow API.
Retrieve the Workflow Orchestration Manager cluster's IP address
Use the Workflow Orchestration Manager UI.
Use the Rest API. For more information, see Workflow Orchestration Manager IP address - Get.
You should retrieve the Airflow cluster's IP address from the response, as shown in the screenshot.
Sample response
Add the Workflow Orchestration Manager cluster IP address to the storage account you want to secure
Note
You can add the Workflow Orchestration Manager IP address to other storage services too, like Azure SQL Database and Azure Key Vault.
- To add a Workflow Orchestration Manager cluster IP address in Azure Key Vault, see Azure SQL Database and Azure Synapse IP firewall rules.
- To add a Workflow Orchestration Manager cluster IP address in Azure Blob Storage, see Configure Azure Storage firewalls and virtual networks.
- To add a Workflow Orchestration Manager cluster IP address in Azure SQL Database, see Configure Azure Key Vault firewalls and virtual networks.
- To add a Workflow Orchestration Manager cluster IP address in Azure PostgreSQL Database, see Create and manage firewall rules for Azure Database for PostgreSQL - Single server using the Azure portal.
Related content
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for