Azure Batch Authentication with user subscription mode

Hello! Is there a way to authenticate Azure Batch with user subscription mode via Microsoft Entra ID to run it with a nextflow pipeline? The guides I have found are only based on key authentications. Thank you in advance.

Use an Entra ID: Azure Cloud — Nextflow documentation

Two methods:

  • Service Principal: From outside of Azure, using ID and secret
  • Managed identity (Nextflow edge only): From within Azure, using Azure automation

Perfect! Thank you, Adam. Using the Service Principal works, but we have an other problem. It seems that we can’t use the same nextflow batch config file for a regular Batch Account and the new Batch Account with user subscription mode. We cant create the pools we want. Could you help us with that please? Thanks in advance.

Might be easier to debug if you share the configuration example and the specific error you are seeing. If the service principal you are authenticating as has permissions you should be able to point it at different accounts by changing the azure.batch.accountName and azure.storage.accountName config settings.

azure {
    activeDirectory {
        servicePrincipalId     = "$AZURE_SERVICE_PRINCIPAL_ID"
        servicePrincipalSecret = "$AZURE_SERVICE_PRINCIPAL_SECRET"
        tenantId               = "$AZURE_APPLICATION_TENANT_ID"
    }
    storage {
        accountName  = "$AZURE_STORAGE_ACCOUNT_NAME_1"
    }
    batch {
        location     = "$AZURE_BATCH_ACCOUNT_REGION"
        accountName  = "$AZURE_BATCH_ACCOUNT_NAME_1"
   }
}