Merge pull request #179438 from whhender/UAMI-Update

Updating docs for UAMI

Author: laurabren

articles/purview/create-catalog-portal.md

@@ -3,7 +3,7 @@ title: 'Quickstart: Create a Purview account in the Azure portal'
 description: This Quickstart describes how to create an Azure Purview account and configure permissions to begin using it.
 author: nayenama
 ms.author: nayenama
-ms.date: 09/27/2021
+ms.date: 11/15/2021
 ms.topic: quickstart
 ms.service: purview
 ms.custom: mode-portal
@@ -67,8 +67,14 @@ After your Azure Purview account is created, you'll use the Purview Studio to ac
 
 In this quickstart, you learned how to create an Azure Purview account and how to access it through the Purview Studio.
 
-Follow these next articles to learn how to navigate the Purview Studio, create a collection, and grant access to Purview.
+Next, you can create a user-assigned managed identity (UAMI) that will enable your new Azure Purview account to authenticate directly with resources using Azure Active Directory (Azure AD) authentication.
+
+To create a UAMI follow our [guide to create a user-assigned managed identity](manage-credentials.md#create-a-user-assigned-managed-identity).
+
+Follow these next articles to learn how to navigate the Purview Studio, create a collection, and grant access to Purview:
 
 * [Using the Purview Studio](use-purview-studio.md)
 * [Create a collection](quickstart-create-collection.md)
 * [Add users to your Azure Purview account](catalog-permissions.md)
+
+

articles/purview/manage-credentials.md

@@ -6,7 +6,7 @@ ms.author: viseshag
 ms.service: purview
 ms.subservice: purview-data-map
 ms.topic: how-to
-ms.date: 05/08/2021
+ms.date: 11/10/2021
 ms.custom: ignite-fall-2021
 ---
 
@@ -24,18 +24,20 @@ A credential is authentication information that Azure Purview can use to authent
 
 In Azure Purview, there are few options to use as authentication method to scan data sources such as the following options:
 
-- Azure Purview Managed Identity
-- Account Key (using Key Vault)
-- SQL Authentication (using Key Vault)
-- Service Principal (using Key Vault)
+- [Azure Purview system-assigned managed identity](#use-purview-system-assigned-managed-identity-to-set-up-scans)
+- [User-assigned managed identity](#create-a-user-assigned-managed-identity) (preview)
+- Account Key (using [Key Vault](#create-azure-key-vaults-connections-in-your-azure-purview-account))
+- SQL Authentication (using [Key Vault](#create-azure-key-vaults-connections-in-your-azure-purview-account))
+- Service Principal (using [Key Vault](#create-azure-key-vaults-connections-in-your-azure-purview-account))
+- Consumer Key (using [Key Vault](#create-azure-key-vaults-connections-in-your-azure-purview-account))
 
 Before creating any credentials, consider your data source types and networking requirements to decide which authentication method is needed for your scenario. Review the following decision tree to find which credential is most suitable:
 
    :::image type="content" source="media/manage-credentials/manage-credentials-decision-tree-small.png" alt-text="Manage credentials decision tree" lightbox="media/manage-credentials/manage-credentials-decision-tree.png":::
 
-## Use Purview managed identity to set up scans
+## Use Purview system-assigned managed identity to set up scans
 
-If you are using the Purview managed identity to set up scans, you will not have to explicitly create a credential and link your key vault to Purview to store them. For detailed instructions on adding the Purview managed identity to have access to scan your data sources, refer to the data source-specific authentication sections below:
+If you are using the Purview system-assigned managed identity (SAMI) to set up scans, you will not have to explicitly create a credential and link your key vault to Purview to store them. For detailed instructions on adding the Purview SAMI to have access to scan your data sources, refer to the data source-specific authentication sections below:
 
 - [Azure Blob Storage](register-scan-azure-blob-storage-source.md#authentication-for-a-scan)
 - [Azure Data Lake Storage Gen1](register-scan-adls-gen1.md#authentication-for-a-scan)
@@ -62,14 +64,14 @@ Before you can create a Credential, first associate one or more of your existing
 
    :::image type="content" source="media/manage-credentials/view-kv-connections.png" alt-text="View Azure Key Vault connections to confirm.":::
 
-## Grant the Purview managed identity access to your Azure Key Vault
+## Grant Azure Purview access to your Azure Key Vault
 
 Currently Azure Key Vault supports two permission models:
 
 - Option 1 - Access Policies 
 - Option 2 - Role-based Access Control 
 
-Before assigning access to Purview managed identity, first identify your Azure Key Vault permission model from Key Vault resource **Access Policies** in the menu. Follow steps below based on relevant the permission model.  
+Before assigning access to the Purview system-assigned managed identity (SAMI), first identify your Azure Key Vault permission model from Key Vault resource **Access Policies** in the menu. Follow steps below based on relevant the permission model.  
 
 :::image type="content" source="media/manage-credentials/akv-permission-model.png" alt-text="Azure Key Vault Permission Model"::: 
 
@@ -83,11 +85,11 @@ Follow these steps only if permission model in your Azure Key Vault resource is
 
 3. Select **Add Access Policy**.
 
-   :::image type="content" source="media/manage-credentials/add-msi-to-akv-2.png" alt-text="Add Purview MSI to AKV":::
+   :::image type="content" source="media/manage-credentials/add-msi-to-akv-2.png" alt-text="Add Purview managed identity to AKV":::
 
 4. In the **Secrets permissions** dropdown, select **Get** and **List** permissions.
 
-5. For **Select principal**, choose the Purview managed identity. You can search for the Purview MSI using either the Purview instance name **or** the managed identity application ID. We do not currently support compound identities (managed identity name + application ID).
+5. For **Select principal**, choose the Purview system managed identity. You can search for the Purview SAMI using either the Purview instance name **or** the managed identity application ID. We do not currently support compound identities (managed identity name + application ID).
 
    :::image type="content" source="media/manage-credentials/add-access-policy.png" alt-text="Add access policy":::
 
@@ -107,7 +109,7 @@ Follow these steps only if permission model in your Azure Key Vault resource is
 
 3. Select **+ Add**.
 
-4. Set the **Role** to **Key Vault Secrets User** and enter your enter your Azure Purview account name under **Select** input box. Then, select Save to give this role assignment to your Purview account.
+4. Set the **Role** to **Key Vault Secrets User** and enter your Azure Purview account name under **Select** input box. Then, select Save to give this role assignment to your Purview account.
 
    :::image type="content" source="media/manage-credentials/akv-add-rbac.png" alt-text="Azure Key Vault RBAC":::
 
@@ -120,7 +122,9 @@ These credential types are supported in Purview:
 - Service Principal: You add the **service principal key** as a secret in key vault.
 - SQL authentication: You add the **password** as a secret in key vault.
 - Account Key: You add the **account key** as a secret in key vault.
-- Role ARN: For an Amazon S3 data source, add your **role ARN** in AWS. 
+- Role ARN: For an Amazon S3 data source, add your **role ARN** in AWS.
+- Consumer Key: For Salesforce data sources, you can add the **password** and the **consumer secret** in key vault.
+- User-assigned managed identity (preview): You can add user-assigned managed identity credentials. For more information, see the [create a user-assigned managed identity section](#create-a-user-assigned-managed-identity) below.
 
 For more information, see [Add a secret to Key Vault](../key-vault/secrets/quick-create-portal.md#add-a-secret-to-key-vault) and [Create a new AWS role for Purview](register-scan-amazon-s3.md#create-a-new-aws-role-for-purview).
 
@@ -158,6 +162,49 @@ After storing your secrets in the key vault:
 
 3. Delete one or more Credentials.
 
+## Create a user-assigned managed identity
+
+User-assigned managed identities (UAMI) enable Azure resources to authenticate directly with other resources using Azure Active Directory (Azure AD) authentication, without the need to manage those credentials. They allow you to authenticate and assign access just like you would with a system assigned managed identity, Azure AD user, Azure AD group, or service principal. User-assigned managed identities are created as their own resource (rather than being connected to a pre-existing resource). For more information about managed identities, see the [managed identities for Azure resources documentation](../active-directory/managed-identities-azure-resources/overview.md).
+
+The following steps will show you how to create a UAMI for Purview to use.
+
+### Supported data sources for UAMI
+
+* [Azure Data Lake Gen 1](register-scan-adls-gen1.md) 
+* [Azure Data Lake Gen 2](register-scan-adls-gen2.md) 
+* [Azure SQL Database](register-scan-azure-sql-database.md) 
+* [Azure SQL Database Managed Instance](register-scan-azure-sql-database-managed-instance.md)	 
+* [Azure SQL Dedicated SQL pools](register-scan-azure-synapse-analytics.md) 
+* [Azure Blob Storage](register-scan-azure-blob-storage-source.md) 
+
+### Create a user-assigned managed identity
+
+1. In the [Azure Portal](https://portal.azure.com/) navigate to your Azure Purview account.
+
+1. In the **Managed identities** section on the left menu, select the **+ Add** button to add user assigned managed identities.  
+    
+    :::image type="content" source="media/manage-credentials/create-new-managed-identity.png" alt-text="Screenshot showing managed identity screen in the Azure portal with user-assigned and add highlighted.":::
+   
+1. After finishing the setup, go back to your Azure Purview account in the Azure Portal. If the managed identity is successfully deployed, you'll see the Azure Purview account's status as **Succeeded**.
+
+   :::image type="content" source="media/manage-credentials/status-successful.png" alt-text="Screenshot the Azure Purview account in the Azure Portal with Status highlighted under the overview tab and essentials menu.":::
+
+
+1. Once the managed identity is successfully deployed, navigate to the [Purview Studio](https://web.purview.azure.com/), by selecting the **Open Purview Studio** button.
+
+1. In the [Purview Studio](https://web.purview.azure.com/), navigate to the Management Center in the studio and then navigate to the Credentials section.
+
+1. Create a user-assigned managed identity by selecting **+New**. 
+1. Select the Managed identity authentication method, and select your user assigned managed identity from the drop down menu.
+
+   :::image type="content" source="media/manage-credentials/new-user-assigned-managed-identity-credential.png" alt-text="Screenshot showing the new managed identity creation tile, with the Learn More link highlighted.":::  
+
+    >[!NOTE]
+    > If the portal was open during creation of your user assigned managed identity, you'll need to refresh the Purview web portal to load the settings finished in the Azure portal.
+
+1. After all the information is filled in, select **Create**.
+
+
 ## Next steps
 
 [Create a scan rule set](create-a-scan-rule-set.md)