Access Document Intelligence with Service Principal or Managed Identity

PatrickPan2012 60 Reputation points
2023-11-09T13:23:47.8966667+00:00

Dear Sir or Madam,

Document Intelligence can be accessed via its keys and it is recommended to store keys into Azure Key Vault. However, can Service Princiapl or Manged Identity be used to access the endpoint of Document Intelligence?

If yes, what roles or permissions should be granted to follow the principle of least privilege?

Thanks.

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,442 questions
Azure AI Document Intelligence
Azure AI Document Intelligence
An Azure service that turns documents into usable data. Previously known as Azure Form Recognizer.
1,627 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Tushar Kumar 3,321 Reputation points MVP
    2023-11-09T15:36:54.7133333+00:00

    You can store keys in key vault and provide access to managed Identity using RBAC roles.

    https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-opera

    You can pick right role based on access requirement:

    Key Vault Secrets Officer

    User's image


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.