You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/hdinsight/hdinsight-sync-aad-users-to-cluster.md
+22-22Lines changed: 22 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,18 +1,18 @@
1
1
---
2
2
title: Synchronize Azure Active Directory users to HDInsight cluster
3
3
description: Synchronize authenticated users from Azure Active Directory to an HDInsight cluster.
4
-
ms.service: hdinsight
5
4
author: ashishthaps
6
5
ms.author: ashishth
7
6
ms.reviewer: jasonh
8
-
ms.custom: hdinsightactive
7
+
ms.service: hdinsight
9
8
ms.topic: conceptual
10
-
ms.date: 09/24/2018
9
+
ms.custom: hdinsightactive
10
+
ms.date: 11/21/2019
11
11
---
12
12
13
13
# Synchronize Azure Active Directory users to an HDInsight cluster
14
14
15
-
[HDInsight clusters with Enterprise Security Package (ESP)](hdinsight-domain-joined-introduction.md) can use strong authentication with Azure Active Directory (Azure AD) users, as well as use *role-based access control* (RBAC) policies. As you add users and groups to Azure AD, you can synchronize the users who need access to your cluster.
15
+
[HDInsight clusters with Enterprise Security Package (ESP)](hdinsight-domain-joined-introduction.md) can use strong authentication with Azure Active Directory (Azure AD) users, as well as use *role-based access control* (RBAC) policies. As you add users and groups to Azure AD, you can synchronize the users who need access to your cluster.
16
16
17
17
## Prerequisites
18
18
@@ -22,7 +22,7 @@ If you have not already done so, [create a HDInsight cluster with Enterprise Sec
22
22
23
23
To view your hosts, open the Ambari Web UI. Each node will be updated with new unattended upgrade settings.
24
24
25
-
1.In the [Azure portal](https://portal.azure.com), navigate to the Azure AD directory associated with your ESP cluster.
25
+
1.From the [Azure portal](https://portal.azure.com), navigate to the Azure AD directory associated with your ESP cluster.
26
26
27
27
2. Select **All users** from the left-hand menu, then select **New user**.
28
28
@@ -40,20 +40,20 @@ User groups specified during the cluster creation process are synchronized at th
40
40
41
41
The following method uses POST with the Ambari REST API. For more information, see [Manage HDInsight clusters by using the Apache Ambari REST API](hdinsight-hadoop-manage-ambari-rest-api.md).
42
42
43
-
1.[Connect to your cluster with SSH](hdinsight-hadoop-linux-use-ssh-unix.md). From the overview pane for your cluster in the Azure portal, select the **Secure Shell (SSH)** button.
1. Use [ssh command](hdinsight-hadoop-linux-use-ssh-unix.md) to connect to your cluster. Edit the command below by replacing `CLUSTERNAME` with the name of your cluster, and then enter the command:
46
44
47
-
2. Copy the displayed `ssh` command and paste it into your SSH client. Enter the ssh user password when prompted.
@@ -115,14 +115,14 @@ The following method uses POST with the Ambari REST API. For more information, s
115
115
}
116
116
```
117
117
118
-
5. This result shows that the status is **COMPLETE**, one new user was created, and the user was assigned a membership. In this example, the user is assigned to the "HiveUsers" synchronized LDAP group, since the user was added to that same group in Azure AD.
118
+
1. This result shows that the status is **COMPLETE**, one new user was created, and the user was assigned a membership. In this example, the user is assigned to the "HiveUsers" synchronized LDAP group, since the user was added to that same group in Azure AD.
119
119
120
-
> [!NOTE]
121
-
> The previous method only synchronizes the Azure AD groups specified in the **Access user group** property of the domain settings during cluster creation. For more information, see [create an HDInsight cluster](domain-joined/apache-domain-joined-configure.md).
120
+
> [!NOTE]
121
+
> The previous method only synchronizes the Azure AD groups specified in the **Access user group** property of the domain settings during cluster creation. For more information, see [create an HDInsight cluster](domain-joined/apache-domain-joined-configure.md).
122
122
123
123
## Verify the newly added Azure AD user
124
124
125
-
Open the [Apache Ambari Web UI](hdinsight-hadoop-manage-ambari.md) to verify that the new Azure AD user was added. Access the Ambari Web UI by browsing to **`https://<YOUR CLUSTER NAME>.azurehdinsight.net`**. Enter the cluster administrator username and password.
125
+
Open the [Apache Ambari Web UI](hdinsight-hadoop-manage-ambari.md) to verify that the new Azure AD user was added. Access the Ambari Web UI by browsing to **`https://CLUSTERNAME.azurehdinsight.net`**. Enter the cluster administrator username and password.
126
126
127
127
1. From the Ambari dashboard, select **Manage Ambari** under the **admin** menu.
128
128
@@ -138,7 +138,7 @@ Open the [Apache Ambari Web UI](hdinsight-hadoop-manage-ambari.md) to verify tha
138
138
139
139
## Log in to Ambari as the new user
140
140
141
-
When the new user (or any other domain user) logs in to Ambari, they use their full Azure AD user name and domain credentials. Ambari displays a user alias, which is the display name of the user in Azure AD.
141
+
When the new user (or any other domain user) logs in to Ambari, they use their full Azure AD user name and domain credentials. Ambari displays a user alias, which is the display name of the user in Azure AD.
142
142
The new example user has the user name `[email protected]`. In Ambari, this new user shows up as `hiveuser3` but the user logs into Ambari as `[email protected]`.
0 commit comments