How to connect to storage account of different subscription from cognitive search using user managed identity
How will I connect my storage account containers in a different subscription to my cognitive search using user managed identity?
Azure Cognitive Search
Azure Blob Storage
Azure Active Directory Privileged Identity Management
-
Konstantinos Passadis 5,421 Reputation points
2023-05-20T06:18:23.7333333+00:00 Hello @Vijayakumar, Vishal Vijay !
Welcome to Microsoft QnA!
If the Subscription is on the same Tenant, yes you can.
But if the Subscription is on a Different Tenant (Directory), you can't.
Can I use a managed identity to access a resource in a different directory/tenant?
No. Managed identities don't currently support cross-directory scenarios.
For Same Directory the process is standard
The process is here
https://learn.microsoft.com/en-us/azure/search/search-indexer-overview
In short :
Create a User Managed Identity
Assign the Identity to Azure Cognitive Search
Grant Permissions to Managed Identity: The managed identity needs to be granted the Storage Blob Data Reader role on the Azure Storage Account. To do this, go to the Storage Account > Access Control (IAM) > Add role assignment. For Role, select Storage Blob Data Reader, and for Assign access to, select User assigned managed identity.
Add the data source to Azure Cognitive Search: Now you can add the Azure Storage container as a data source to your Azure Cognitive Search service. Go to your Azure Cognitive Search service in the portal, and under Import data, select +Add data source.
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
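The data source from the last step of the answer above, written as the JSON definition the search service's REST API accepts for a user-assigned identity, with a helper that reports whether the storage account sits outside the search service's subscription. This is an added example, not part of the thread; all resource IDs and names are constructed placeholders, and using the REST definition rather than the portal wizard is an assumption.

```python
import json
import re

# Constructed placeholder IDs (not from the thread): the search service and the
# storage account sit in different subscriptions, as in the question.
SEARCH_ID = ("/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-search"
             "/providers/Microsoft.Search/searchServices/srch-demo")
STORAGE_ID = ("/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/rg-data"
              "/providers/Microsoft.Storage/storageAccounts/stdemo001")
IDENTITY_ID = ("/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-search"
               "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-indexer")

_SUB_RE = re.compile(r"^/subscriptions/([^/]+)/resourcegroups/[^/]+/providers/", re.I)

def subscription_of(resource_id):
    """Return the lower-cased subscription GUID of an ARM resource ID."""
    m = _SUB_RE.match(resource_id)
    if not m:
        raise ValueError(f"not an ARM resource ID: {resource_id!r}")
    return m.group(1).lower()

def crosses_subscription(search_id, storage_id):
    """True when the storage account is outside the search service's subscription."""
    return subscription_of(search_id) != subscription_of(storage_id)

def build_blob_datasource(name, storage_id, container, identity_id):
    """Data source definition that authenticates with the user-assigned identity.

    The connection string carries only the storage account's resource ID, so no
    account key or SAS token is stored in the search service.
    """
    for rid, provider in ((storage_id, "Microsoft.Storage/storageAccounts/"),
                          (identity_id, "Microsoft.ManagedIdentity/userAssignedIdentities/")):
        subscription_of(rid)  # raises on malformed IDs
        if f"/providers/{provider}".lower() not in rid.lower():
            raise ValueError(f"expected a {provider} resource ID, got {rid!r}")
    return {
        "name": name,
        "type": "azureblob",
        "credentials": {"connectionString": f"ResourceId={storage_id};"},
        "container": {"name": container},
        "identity": {
            "@odata.type": "#Microsoft.Azure.Search.DataUserAssignedIdentity",
            "userAssignedIdentity": identity_id,
        },
    }

if __name__ == "__main__":
    print("cross-subscription:", crosses_subscription(SEARCH_ID, STORAGE_ID))
    print(json.dumps(build_blob_datasource("blob-ds", STORAGE_ID, "docs", IDENTITY_ID), indent=2))
```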
-
Vijayakumar, Vishal Vijay 0 Reputation points
2023-05-21T06:08:44.8233333+00:00 While adding the data source under the Import data section, there is this error, which says "Cannot retrieve connection string because the data source is not found within the subscription".
How can I connect to this data source in a different subscription from Az cognitive search using user managed identity?
-
Konstantinos Passadis 5,421 Reputation points
2023-05-21T10:49:39.92+00:00 Hello @Vijayakumar, Vishal Vijay !
It seems that the subscription is on a different Tenant, aka Directory.
In this case if you read above :
Can I use a managed identity to access a resource in a different directory/tenant?
No. Managed identities don't currently support cross-directory scenarios.
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
-
Vijayakumar, Vishal Vijay 0 Reputation points
2023-05-22T08:39:30.8366667+00:00 Hello @Konstantinos Passadis,
Both the subscriptions are from the same tenant, still the same error is popping up.
-
Konstantinos Passadis 5,421 Reputation points
2023-05-22T08:54:42.9366667+00:00 Hello @Vijayakumar, Vishal Vijay !
Have you checked this option on Storage Account :
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
-
SnehaAgrawal-MSFT 12,646 Reputation points • Microsoft Employee
2023-05-23T14:50:23.5033333+00:00 Thanks for reaching out here! I also see a similar query here: https://learn.microsoft.com/en-us/answers/questions/1288857/how-to-connect-to-storage-account-of-different-sub
As mentioned in this document, managed identity is only supported within the same subscription and tenant.
For other business needs, the suggested option is using a storage connection string or copying the data to a storage account within the same subscription.
Having said that, I suggest you share your feedback on UserVoice. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
Additionally, users with a similar request can up-vote your post and add their comments.
Please let us know if further query or issue remains.
-
SnehaAgrawal-MSFT 12,646 Reputation points • Microsoft Employee
2023-05-24T17:29:01.19+00:00 Just checking if you have had a chance to see the recent response.
Please let us know if further query or issue remains.