# Steps to be Performed by Customer Account

**Step 1: Create a User-Assigned Managed Identity**

1. Navigate to the Azure Portal.
2. Search for **Managed Identities** and select it.
3. Click **+ Create**
4. Choose your **Subscription** and **Resource Group**.
5. Enter a **Name** (e.g., customer).
6. Select the **Region**.
7. Click **Review + Create**, then **Create**.

<figure><img src="/files/lp4bEaVzEUXxzzGS1TC9" alt=""><figcaption></figcaption></figure>

#### Step 2: Add Federated Credentials

1. Open the newly created Managed Identity.

<figure><img src="/files/UXq0UEcl4QCSysFcOIKo" alt=""><figcaption></figcaption></figure>

2. In the left menu, click **Federated credentials**.
3. Click **+ Add credential**.
4. In **Federated credential scenario**, select **Kubernetes accessing Azure resources**.
5. Enter the following details:
   * **Cluster Issuer URL**: (based on your AKS cluster configuration)
   * **Namespace**: \<namespace>
   * **Service Account**: \<service-account>
6. Click **Add**.

<figure><img src="/files/NJ1lG049ZxDk8JgSoBND" alt=""><figcaption></figcaption></figure>

#### Step 3: Assign Role-Based Access Control (RBAC) Permissions

1. Open the Managed Identity.
2. In the left menu, click **Access control (IAM)**.
3. Click **+ Add role assignment**.
4. Assign the following role(s):
   * **Storage Blob Data Reader** (read-only access)
5. Click **Next**, then select **Managed Identity** as the principal type.
6. Search for your identity (e.g., customer) and select it.
7. Click **Review + Assign**.

#### Step 4: Retrieve Identity Information

1. Open the Managed Identity.
2. From the **Overview** page, note down:
   * **Client ID**
   * **Principal ID**
3. These values will be used by e6data in Kubernetes and Azure services for secure authentication.

#### Step 5: Deploy in Serverless Account

After configuring the Managed Identity and role assignments, you can now deploy a Kubernetes pod in the **Serverless Account** to access storage in the **Customer Account**.

{% hint style="info" %}
**Note:** All these steps can also be performed via an **ARM template**.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.e6data.com/product-documentation/setup/azure-setup/configure-azure-storage-access-for-serverless-compute-azure/steps-to-be-performed-by-customer-account.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.