How to use managed identity in ADF or synapse linked service

Question

Hi ,

I need some clarity on how managed identity works in linked service.

As per my understanding,

1. We create a app registration for synapse or ADF.
2. We get the ID of app registration.
3. Go to the resource we want to access from Synapse or ADF. Navigate to access control and add new role, and provide App registration ID (Managed identity object ID) created in 1st step.

Doubts:

1. We will have only one synapse or ADF app registration, and will use same ID to access all resources.
2. How is it different from service Principal.
3. Any difference in my understanding?

Answer 1

Hi Ranjana

An app registration is the global definition of a registered Microsoft Entra app that can be used by multiple tenants. On the other hand, a service principal is the local representation of the app registration for use in a specific tenant. A service principal links to its app registration and can be referenced by more than one service principal in organizations with multiple Microsoft Entra tenants.

Service principal authentication is useful in situations such as automated auditing processes, no need to sign in to the Power BI service, shared access to data, use by multiple administrators, and technical blockers.

I hope now you may have more clear and better understanding, please accept or upvote if it is

Else please let us know with further questions

Thanks

Deepanshu

Answer 2

There are 2 types of managed identity:

1. system assigned managed identity

2)User assigned Managed identity

by default for ADF, a unique id gets generated per ADF in case of system assigned managed identity.

There is something called as Managed identity at AD level which would create a unique ID at the AD level which you can assign for all ADF/synapse in case if you switch to the User assigned identitiy

Service principals authentication needs a client ID and a secret whereas in case of managed identity, the MSFT offering internally authenticates