How to use system-assigned MI in Data Factory linked service for Cosmos DB (NoSQL)?

Boomgaard, Guusje 0 Reputation points
2025-07-15T09:10:20.6433333+00:00


I have a dataflow in Data Factory from which I want to write data to my database in Cosmos DB (NoSQL). I want to use the system-assigned managed identity. In the Azure Data Factory documentation I read that I need to make use of the advanced properties in order to do that. The documentation does not specify exactly how to do that, but it provides a JSON template:

{
    "name": "CosmosDbSQLAPILinkedService",
    "properties": {
        "type": "CosmosDb",
        "typeProperties": {
            "accountEndpoint": "<account endpoint>",
            "database": "<database name>",
            "subscriptionId": "<subscription id>",
            "tenantId": "<tenant id>",
            "resourceGroup": "<resource group>"
        },
        "connectVia": {
            "referenceName": "<name of Integration Runtime>",
            "type": "IntegrationRuntimeReference"
        }
    }
}

Should this template be used completely in the advanced textbox in the Data Factory linked service UI? For example:

User's image

Thanks!

Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.

1 answer

  1. Amira Bedhiafi 41,121 Reputation points Volunteer Moderator
    2025-07-15T09:17:14.73+00:00

    Hello!

    Thank you for posting on Microsoft Learn.

    The JSON template should be used completely in the Specify dynamic contents in JSON format textbox under the Advanced section of the Linked Service creation UI in ADF. This is the correct way to configure system-assigned managed identity for Cosmos DB (NoSQL), especially when the standard UI does not expose all necessary fields like subscription ID, tenant ID, or resource group.

    The ADF default UI for Cosmos DB (NoSQL) Linked Service does not fully support system-assigned managed identity out of the box.

    The JSON format lets you provide advanced properties such as subscriptionId, tenantId, and resourceGroup, which are required for authentication using a system-assigned managed identity.

    As mentioned in the documentation, system-assigned managed identity is only supported via advanced JSON properties.

    You need to select:

    • Authentication method: System-assigned managed identity
    • Account selection method (doesn't matter; you'll override it in JSON)

    Then tick Specify dynamic contents in JSON format, paste and customize this full JSON snippet:

    {
      "name": "CosmosDbSQLAPI1LinkedService",
      "properties": {
        "type": "CosmosDb",
        "typeProperties": {
          "accountEndpoint": "https://<account name>.documents.azure.com:443/",
          "database": "<database name>",
          "subscriptionId": "<subscription id>",
          "tenantId": "<tenant id>",
          "resourceGroup": "<resource group>"
        },
        "connectVia": {
          "referenceName": "<your IR name>",
          "type": "IntegrationRuntimeReference"
        }
      }
    }
    
    
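A pre-paste check for the linked service JSON discussed above, as an added example that is not part of the original question or answer and is not Microsoft's code. It verifies that the fields from the template are filled in, that no key-based credential (`connectionString` or `accountKey`) sits alongside the managed identity settings, and that the endpoint is HTTPS. The function name and all sample values are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Fields the template on this page lists under typeProperties.
REQUIRED = ("accountEndpoint", "database", "subscriptionId", "tenantId", "resourceGroup")
# Key-based settings of the CosmosDb linked service; if present, the
# definition is not relying on the managed identity alone.
SECRET_FIELDS = ("connectionString", "accountKey")
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
PLACEHOLDER = re.compile(r"<[^>]+>")  # e.g. "<tenant id>" left unedited

def check_linked_service(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    props = json.loads(text).get("properties", {})
    if props.get("type") != "CosmosDb":
        findings.append("type is not CosmosDb")
    tp = props.get("typeProperties", {})
    for name in SECRET_FIELDS:
        if name in tp:
            findings.append(f"{name} present: key-based credential in definition")
    for name in REQUIRED:
        value = tp.get(name)
        if not isinstance(value, str) or not value:
            findings.append(f"{name} missing")
        elif PLACEHOLDER.search(value):
            findings.append(f"{name} still contains a template placeholder")
        elif name in ("subscriptionId", "tenantId") and not GUID.match(value):
            findings.append(f"{name} is not a GUID")
    endpoint = tp.get("accountEndpoint")
    if isinstance(endpoint, str) and not PLACEHOLDER.search(endpoint):
        url = urlparse(endpoint)
        if url.scheme != "https" or not url.hostname:
            findings.append("accountEndpoint is not an https URL")
    return findings

# Constructed sample definition (identifiers are not real).
GOOD = json.dumps({"name": "CosmosDbSQLAPI1LinkedService", "properties": {
    "type": "CosmosDb", "typeProperties": {
        "accountEndpoint": "https://example-account.documents.azure.com:443/",
        "database": "exampledb",
        "subscriptionId": "00000000-0000-0000-0000-000000000001",
        "tenantId": "00000000-0000-0000-0000-000000000002",
        "resourceGroup": "example-rg"}}})

if __name__ == "__main__":
    print(check_linked_service(GOOD) or "ok")
```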
