Can we use msgraph-sdk on Synapse Spark pool and authenticate using system assigned managed identity?

Eswar Sahukari 0 Reputation points
2024-02-08T15:12:48.6566667+00:00

I have a requirement to fetch data from Microsoft Graph API. My Synapse workspace identity (System Assigned Managed Identity) has access to Microsoft Graph. How can I use a Synapse Spark notebook to read data from Microsoft Graph using Synapse workspace managed identity authentication? I have gone through some documentation and found that we can use mssparkutils for Managed Identity access using linked services, but currently the REST linked service is not supported.

Can you please help me if you have already gone through something similar? Thanks, Eswar

Azure Synapse Analytics
Microsoft Security | Microsoft Graph

2 answers

  1. Amira Bedhiafi 33,631 Reputation points Volunteer Moderator
    2024-02-08T20:44:53.0533333+00:00

    There's a workaround for that. You need to start by granting access to Microsoft Graph, which involves an Azure AD admin consenting to the required API permissions (for example User.Read, Files.Read). Since mssparkutils doesn't support REST linked services directly for Managed Identity access, you would need to authenticate using a different method: the Azure Identity library.

    You may need to install the Azure Identity library if it is not available in your Synapse Spark environment. This can usually be done via pip install commands in a notebook cell. However, since package management can vary in managed environments like Synapse, you may need to add the library through the Synapse workspace library management features.

    Then use the DefaultAzureCredential class from the Azure Identity SDK, which supports managed identities among other authentication methods. This class will automatically use the system-assigned managed identity of the Synapse workspace when running in the Azure environment.

    And here comes the part for calling the Microsoft Graph API. You need to use the Azure Identity library to acquire an access token for Microsoft Graph (using the access token to call the Microsoft Graph API). This can be done by setting the Authorization header with the token in HTTP requests to the Graph API endpoints. You can use the Python requests library or any other HTTP client library to make these calls.

    Example to better understand:

    from azure.identity import DefaultAzureCredential
    import requests
    # You need to get a token for Microsoft Graph
    credential = DefaultAzureCredential()
    token = credential.get_token("https://graph.microsoft.com/.default")
    headers = {'Authorization': 'Bearer ' + token.token}
    # Example: you want to get the profile of the signed-in user
    graph_response = requests.get("https://graph.microsoft.com/v1.0/me", headers=headers)
    user_profile = graph_response.json()
    # You can use the user_profile or other data as needed
    print(user_profile)
    

    Please try and tell us :)

    1 person found this answer helpful.
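
A troubleshooting check for the token-based approach in the answer above, added here as an example and not part of the original answer: a managed identity token is app-only, so it carries Graph application permissions in `roles` (no `scp` claim) and cannot serve `/me`. `check_graph_token`, `make_sample_token` and the sample claims are constructed for illustration; the payload is decoded for inspection only, without signature validation.

```python
import base64
import json

# Audience values that identify Microsoft Graph in an access token.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def jwt_claims(token):
    """Decode a JWT payload for inspection only (no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_graph_token(token, needed_roles, path):
    """List reasons a Graph call would fail or the identity is over-privileged."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))  # application permissions
    needed = set(needed_roles)
    problems = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        problems.append("audience is not Microsoft Graph")
    # A managed identity token is app-only: no 'scp' claim, so no signed-in user.
    if "scp" not in claims and (path == "/me" or path.startswith("/me/")):
        problems.append("/me needs a delegated token")
    if needed - roles:
        problems.append("missing roles: " + ", ".join(sorted(needed - roles)))
    if roles - needed:
        problems.append("unneeded roles: " + ", ".join(sorted(roles - needed)))
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), ""])


# Constructed sample claims; in the notebook, pass token.token from get_token().
SAMPLE = make_sample_token({
    "aud": "https://graph.microsoft.com",
    "roles": ["User.Read.All", "Directory.ReadWrite.All"],
})

if __name__ == "__main__":
    for problem in check_graph_token(SAMPLE, {"User.Read.All"}, "/me"):
        print(problem)
```

An empty list means the audience is Graph, the path is usable app-only, and the identity holds exactly the application permissions the job needs.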

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

