Using federated workload identity in TORUS to authenticate into a CORP resource in AML

Ayleen Durasno 25 Reputation points Microsoft Employee
2026-01-23T14:52:03.2866667+00:00

Hello! I have a pipeline which fetches files from a repo in CORP tenant. This pipeline is however running in a TORUS environment. I have completed the following steps to enable access to the AML compute cluster.

  1. Created an app registration in TORUS and created a federated workload identity for the AML compute cluster
  2. Created a SP in CORP tenant which reflects the app registration in TORUS. This required a form.
  3. Gave genericRead perms to the SP.

When I run the pipeline, however, I receive an error that the API request to read the repo has failed. What could be happening?

Azure Machine Learning

1 answer

  1. Q&A Assist
    2026-01-23T14:52:14.2033333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    It sounds like you have set up the federated workload identity correctly, but there may be a few areas to check that could be causing the API request failure:

    1. Permissions: Ensure that the service principal (SP) in the CORP tenant has the appropriate permissions to access the resources in the repo. While you mentioned giving genericRead permissions, double-check that these permissions are correctly assigned and that there are no additional required permissions for the specific API call you are making.
    2. Federated Identity Configuration: Verify that the federated workload identity is correctly configured in both the TORUS and CORP environments. Ensure that the issuer and subject claims are correctly set up and that the trust relationship is established properly.
    3. Token Acquisition: Check if the pipeline is successfully acquiring the token from the federated identity. If the token is not being issued correctly, it would lead to authentication failures when trying to access the repo.
    4. Network and Firewall Settings: Ensure that there are no network restrictions or firewall settings that might be blocking the API requests from the TORUS environment to the CORP resources.
    5. Error Logs: Look into the error logs for more specific information about the failure. The logs might provide insights into whether the issue is related to authentication, permissions, or something else.

    By reviewing these areas, you should be able to identify the root cause of the API request failure in your pipeline.
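
One way to carry out the issuer and subject check from points 2 and 3 of the answer above, as an added example that is not part of the original answer or of any Microsoft tooling: decode the assertion the compute presents and compare its claims with the values stored on the federated credential. The tenant and object IDs, the `FIC` dictionary layout and the function names are constructed for illustration, and the audience is assumed to be the public-cloud default `api://AzureADTokenExchange`.

```python
import base64
import json
import time

def make_sample_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

def jwt_claims(token):
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_assertion(claims, fic, now=None):
    """Return mismatches between assertion claims and the federated credential."""
    now = time.time() if now is None else now
    problems = []
    # Exact, case-sensitive comparison: a trailing slash or case change is a mismatch.
    for claim, key in (("iss", "issuer"), ("sub", "subject")):
        if claims.get(claim) != fic[key]:
            problems.append(f"{claim}: token={claims.get(claim)!r} expected={fic[key]!r}")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if not set(auds) & set(fic["audiences"]):
        problems.append(f"aud: token={aud!r} expected one of {fic['audiences']!r}")
    if claims.get("exp", 0) <= now:
        problems.append("exp: assertion has expired")
    return problems

# Constructed values: placeholder tenant and object IDs, not taken from the page.
FIC = {
    "issuer": "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0",
    "subject": "2222aaaa-2222-2222-2222-222222222222",
    "audiences": ["api://AzureADTokenExchange"],
}
GOOD = make_sample_token({"iss": FIC["issuer"], "sub": FIC["subject"],
                          "aud": "api://AzureADTokenExchange", "exp": 4102444800})
BAD = make_sample_token({"iss": FIC["issuer"] + "/", "sub": FIC["subject"].upper(),
                         "aud": "https://management.azure.com/", "exp": 4102444800})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_assertion(jwt_claims(tok), FIC) or "claims match")
```

An empty result only shows that the token exchange has what it needs; the repo API call can still fail if the SP in the CORP tenant lacks the permission that call requires.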
