How to use managed identity in ADF or synapse linked service

Ranjana 0 Reputation points
2024-06-21T06:58:15.7266667+00:00

Hi,

I need some clarity on how managed identity works in linked service.

As per my understanding,

  1. We create a app registration for synapse or ADF.
  2. We get the ID of app registration.
  3. Go to the resource we want to access from Synapse or ADF. Navigate to Access control, add a new role, and provide the app registration ID (managed identity object ID) created in the first step.

Doubts:

  1. We will have only one Synapse or ADF app registration, and will use the same ID to access all resources.
  2. How is it different from a service principal?
  3. Any difference in my understanding?
Azure Synapse Analytics

2 answers

  1. Deepanshukatara-6769 7,525 Reputation points
    2024-06-21T08:21:09.3733333+00:00

    Hi Ranjana

    An app registration is the global definition of a registered Microsoft Entra app that can be used by multiple tenants. On the other hand, a service principal is the local representation of the app registration for use in a specific tenant. A service principal links to its app registration and can be referenced by more than one service principal in organizations with multiple Microsoft Entra tenants.

    Service principal authentication is useful in situations such as automated auditing processes, no need to sign in to the Power BI service, shared access to data, use by multiple administrators, and technical blockers.

    I hope you now have a clearer and better understanding; please accept or upvote if it is

    Else please let us know with further questions

    Thanks

    Deepanshu


  2. Nandan Hegde 30,951 Reputation points MVP
    2024-06-21T08:23:56.21+00:00

    There are 2 types of managed identity:

    1. System-assigned managed identity

    2. User-assigned managed identity


    By default for ADF, a unique ID gets generated per ADF in the case of system-assigned managed identity.

    There is something called a managed identity at the AD level, which creates a unique ID at the AD level that you can assign to all ADF/Synapse instances if you switch to user-assigned identity.


    Service principal authentication needs a client ID and a secret, whereas in the case of managed identity, the MSFT offering authenticates internally.

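The three authentication modes compared in this thread (system-assigned identity, a user-assigned identity shared across factories, and a service principal with a client secret) look different in the linked-service JSON that ADF and Synapse export to git, and step 3 of the question hinges on granting the role to the identity's object (principal) ID rather than an application (client) ID. The script below is an added example for this thread, not code from Microsoft or from either answer. It assumes the AzureBlobStorage linked-service schema (`serviceEndpoint` and `accountKind`; a `CredentialReference` for a user-assigned identity; `servicePrincipalId`, `servicePrincipalKey` and `tenant` for a service principal) and the ARM `identity` block shape (`principalId` for SystemAssigned, a `userAssignedIdentities` map for UserAssigned) as documented by Azure; every name, GUID and endpoint in it is a constructed placeholder. It builds one linked service per mode, audits a list of definitions for inline secrets or shared-key auth, and extracts the principal IDs a role assignment must target.

```python
"""Audit how ADF / Synapse linked services authenticate, and which IDs get roles.

Added example for this thread, not code from Microsoft or from the answers above.
Assumptions: AzureBlobStorage linked-service JSON shape and the ARM "identity"
block shape follow the Azure schemas; all names, GUIDs and endpoints are
constructed placeholders.
"""
import json

SYSTEM_ASSIGNED = "system-assigned managed identity"
USER_ASSIGNED = "user-assigned managed identity"
SP_KEYVAULT = "service principal (secret in Key Vault)"
SP_INLINE = "service principal (secret inline in the definition)"
SHARED_KEY = "storage account key / connection string"


def blob_linked_service(name, endpoint, *, credential=None, sp=None):
    """Build an AzureBlobStorage linked-service definition (dict).

    credential: name of an ADF/Synapse Credential object wrapping a user-assigned
                identity; omit it to use the factory's system-assigned identity.
    sp:         service-principal settings: clientId, tenant, and either
                keyVaultRef + secretName (secret fetched from Key Vault) or
                secret (stored inline, which an audit should flag).
    """
    props = {"serviceEndpoint": endpoint, "accountKind": "StorageV2"}
    if credential:
        props["credential"] = {"referenceName": credential, "type": "CredentialReference"}
    if sp:
        props["servicePrincipalId"] = sp["clientId"]
        props["tenant"] = sp["tenant"]
        if "keyVaultRef" in sp:
            props["servicePrincipalKey"] = {
                "type": "AzureKeyVaultSecret",
                "store": {"referenceName": sp["keyVaultRef"], "type": "LinkedServiceReference"},
                "secretName": sp["secretName"],
            }
        else:
            props["servicePrincipalKey"] = {"type": "SecureString", "value": sp["secret"]}
    return {"name": name, "properties": {"type": "AzureBlobStorage", "typeProperties": props}}


def classify_auth(linked_service):
    """Return which auth mode a linked-service definition uses."""
    tp = linked_service["properties"]["typeProperties"]
    if "connectionString" in tp or "accountKey" in tp:
        return SHARED_KEY
    if "servicePrincipalId" in tp:
        key = tp.get("servicePrincipalKey", {})
        return SP_KEYVAULT if key.get("type") == "AzureKeyVaultSecret" else SP_INLINE
    if tp.get("credential", {}).get("type") == "CredentialReference":
        return USER_ASSIGNED
    return SYSTEM_ASSIGNED  # no credential material at all: the factory's own identity


def audit(linked_services):
    """Map linked-service name -> (auth mode, finding or None)."""
    report = {}
    for ls in linked_services:
        mode = classify_auth(ls)
        finding = None
        if mode == SP_INLINE:
            finding = ("client secret lives in the factory definition (and in git); "
                       "move it to Key Vault or switch to managed identity")
        elif mode == SHARED_KEY:
            finding = "shared-key auth: no identity to scope RBAC or audit against"
        report[ls["name"]] = (mode, finding)
    return report


def principal_ids_for_role_assignment(identity):
    """Collect the object (principal) IDs that role assignments must target.

    This is the ID step 3 of the question needs: the principalId of each managed
    identity, never the clientId (application ID) a service principal would
    present together with a secret.
    """
    ids = set()
    if "SystemAssigned" in identity.get("type", ""):
        ids.add(identity["principalId"])
    for uai in identity.get("userAssignedIdentities", {}).values():
        ids.add(uai["principalId"])
    return ids


# Constructed sample data: four ways the same blob endpoint can be reached.
ENDPOINT = "https://examplestore.blob.core.windows.net/"
SP_CLIENT = "11111111-1111-1111-1111-111111111111"
TENANT = "22222222-2222-2222-2222-222222222222"
SAMPLE_LINKED_SERVICES = [
    blob_linked_service("LS_Blob_SystemMI", ENDPOINT),
    blob_linked_service("LS_Blob_UserMI", ENDPOINT, credential="cred_shared_uami"),
    blob_linked_service("LS_Blob_SP_KV", ENDPOINT, sp={
        "clientId": SP_CLIENT, "tenant": TENANT,
        "keyVaultRef": "LS_KeyVault", "secretName": "adf-sp-secret"}),
    blob_linked_service("LS_Blob_SP_Inline", ENDPOINT, sp={
        "clientId": SP_CLIENT, "tenant": TENANT, "secret": "hunter2"}),
]

# Constructed ARM identity block of a factory carrying both identity kinds.
SAMPLE_IDENTITY = {
    "type": "SystemAssigned,UserAssigned",
    "principalId": "aaaaaaaa-0000-0000-0000-000000000001",
    "tenantId": TENANT,
    "userAssignedIdentities": {
        "/subscriptions/sub/resourceGroups/rg/providers/Microsoft.ManagedIdentity"
        "/userAssignedIdentities/shared-uami": {
            "principalId": "bbbbbbbb-0000-0000-0000-000000000002",
            "clientId": "cccccccc-0000-0000-0000-000000000003",
        }
    },
}

if __name__ == "__main__":
    for name, (mode, finding) in audit(SAMPLE_LINKED_SERVICES).items():
        print(f"{name}: {mode}" + (f"  <-- {finding}" if finding else ""))
    print("grant roles to:", sorted(principal_ids_for_role_assignment(SAMPLE_IDENTITY)))
    print(json.dumps(SAMPLE_LINKED_SERVICES[1], indent=2))
```

Run it against the JSON under a factory's `linkedService/` folder in git to see which connections still depend on a secret; the `LS_Blob_SystemMI` entry shows that a managed-identity linked service carries no credential fields at all, which is why the principal ID assigned a role in step 3 is the only thing tying it to the storage account.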