# Steps to be Performed by Customer Account

#### Step 1: Create a User-Assigned Managed Identity

1. Navigate to the Azure Portal.
2. Search for **Managed Identities** and select it.
3. Click **+ Create**.
4. Choose your **Subscription** and **Resource Group**.
5. Enter a **Name** (e.g., customer).
6. Select the **Region**.
7. Click **Review + Create**, then **Create**.

<figure><img src="https://3484040590-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeVBYKZm1xFKFFVzS0lRJ%2Fuploads%2F4BCInfVfaPnBeiA0eGwP%2FScreenshot%202025-08-21%20at%205.17.51%E2%80%AFPM.png?alt=media&#x26;token=d196b73d-925b-40d2-a1b5-758e13d1b764" alt=""><figcaption></figcaption></figure>

#### Step 2: Add Federated Credentials

1. Open the newly created Managed Identity.

<figure><img src="https://3484040590-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeVBYKZm1xFKFFVzS0lRJ%2Fuploads%2FCM7CK2WxXLLTvi4KGT7j%2FScreenshot%202025-08-21%20at%205.17.16%E2%80%AFPM.png?alt=media&#x26;token=5bf53cc4-21ee-4fca-b28f-d5f9ac955768" alt=""><figcaption></figcaption></figure>

2. In the left menu, click **Federated credentials**.
3. Click **+ Add credential**.
4. In **Federated credential scenario**, select **Kubernetes accessing Azure resources**.
5. Enter the following details:
   * **Cluster Issuer URL**: (based on your AKS cluster configuration)
   * **Namespace**: \<namespace>
   * **Service Account**: \<service-account>
6. Click **Add**.

<figure><img src="https://3484040590-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeVBYKZm1xFKFFVzS0lRJ%2Fuploads%2FGNfRxPTMwAwn71nru3t4%2FScreenshot%202025-08-21%20at%205.16.43%E2%80%AFPM.png?alt=media&#x26;token=1681d547-2f1e-45c8-bf72-0d497508f2df" alt=""><figcaption></figcaption></figure>

#### Step 3: Assign Role-Based Access Control (RBAC) Permissions

1. Open the Managed Identity.
2. In the left menu, click **Access control (IAM)**.
3. Click **+ Add role assignment**.
4. Assign the following role(s):
   * **Storage Blob Data Reader** (read-only access)
5. Click **Next**, then select **Managed Identity** as the principal type.
6. Search for your identity (e.g., customer) and select it.
7. Click **Review + Assign**.

#### Step 4: Retrieve Identity Information

1. Open the Managed Identity.
2. From the **Overview** page, note down:
   * **Client ID**
   * **Principal ID**
3. These values will be used by e6data in Kubernetes and Azure services for secure authentication.

#### Step 5: Deploy in Serverless Account

After configuring the Managed Identity and role assignments, you can now deploy a Kubernetes pod in the **Serverless Account** to access storage in the **Customer Account**.
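Federation only succeeds when the service account token the pod presents matches the Step 2 values exactly, so the following check (an added example, not e6data's or Microsoft's code) decodes a token's claims and reports any mismatch. It assumes the `system:serviceaccount:<namespace>:<service-account>` subject that the Kubernetes scenario builds and the default `api://AzureADTokenExchange` audience; the function names, issuer URL, namespace and service account are constructed for illustration.

```python
import base64
import json

# Assumption: the default audience of the "Kubernetes accessing Azure resources" scenario.
EXPECTED_AUDIENCE = "api://AzureADTokenExchange"


def jwt_claims(token):
    """Decode the JWT payload without verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def federation_mismatches(token, issuer_url, namespace, service_account,
                          audience=EXPECTED_AUDIENCE):
    """Return the reasons the token would not match the Step 2 federated credential."""
    claims = jwt_claims(token)
    # Subject that the portal derives from the Namespace and Service Account fields.
    subject = f"system:serviceaccount:{namespace}:{service_account}"
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    problems = []
    # Matching is exact and case-sensitive: a missing trailing slash is a mismatch.
    if claims.get("iss") != issuer_url:
        problems.append(f"iss {claims.get('iss')!r} != Cluster Issuer URL {issuer_url!r}")
    if claims.get("sub") != subject:
        problems.append(f"sub {claims.get('sub')!r} != {subject!r}")
    if audience not in aud:
        problems.append(f"aud {aud!r} does not contain {audience!r}")
    return problems


def constructed_token(claims):
    """Build an unsigned sample token; real tokens are signed by the cluster issuer."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


# Constructed sample values, not taken from a real cluster.
ISSUER = "https://oidc.example.invalid/00000000-0000-0000-0000-000000000000/"
SAMPLE = constructed_token({"iss": ISSUER, "aud": [EXPECTED_AUDIENCE],
                            "sub": "system:serviceaccount:demo-ns:demo-sa"})

if __name__ == "__main__":
    print(federation_mismatches(SAMPLE, ISSUER, "demo-ns", "demo-sa"))
    print(federation_mismatches(SAMPLE, ISSUER.rstrip("/"), "demo-ns", "demo-sa"))
```

Run it against the projected token mounted in the pod to compare the actual `iss`, `sub` and `aud` claims with what was entered in Step 2; treat the token as a credential and do not paste it into shared logs.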

{% hint style="info" %}
**Note:** All these steps can also be performed via an **ARM template**.
{% endhint %}
