Update azure app configuration from azure data factory pipeline with managed identity

Eric Fitskie 96 Reputation points
2021-10-18T14:16:39.157+00:00

I would like to update an azure app configuration value at the end of my azure data factory pipeline with the managed identity authentication.

The Azure data factory has permission to manage the app configuration keys (App Configuration Data Owner).

For this i created an WebActivity that point to the azure app configuration url.

The authentication is set to "Managed Identity".

I can't find the correct value for "Resouce". I already tried different values, like "https://azconfig.io/" or "https://management.azure.com/" but none of these work.

The exception i got is "Invoking Web Activity failed with HttpStatusCode - 'Unauthorized', message - ''"

How can i update a app configuration key from azure data factory pipeline with managed identity?

Azure App Configuration
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
207 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
9,567 questions
0 comments
Accepted answer
  1. svijay-MSFT 5,201 Reputation points Microsoft Employee
    2021-10-19T20:19:26.257+00:00

    Hello @Eric Fitskie ,

    Welcome to the Microsoft Q&A platform.

    I am assuming you are making use of the endpoint referenced here : https://learn.microsoft.com/en-us/rest/api/appconfiguration/

    if this is not the case, pls let me know.

    Now, when you have set the Authentication to Managed Identity.

    141850-image.png

    While making call, the Identity of the ADF is considered. i.e. when you create an ADF, an identity in the name of Azure Data Factory is created. This identity goes and tries to pull information.

    At my end, I had given permission only to a managed identity (user) and I was encountering the Unauthorized error - as ADF Identity was not having sufficient permission at the App config level.

    Option 1 :

    You could add the Identity of the ADF in the IAM Section of the App Config and provide necessary roles.

    141798-image.png

    Click On Add. You will options to Add Managed Identity - you should choose that of the ADF.

    Option 2 :

    If you already Managed identities created and you'd like to use them.

    Note :

    Ensure It has sufficient priveleges at the App Config Level (IAM)

    141826-image.png

    Now, at the ADF end. Add a credential for this Managed Identity.

    ADF --> Manage --> Credential --> New

    141903-credentials2.gif

    141902-image.png

    Now at the Web Activity end. You will have to choose the authentication method as the user assigned identity and reference the credential you have created in the above step.

    141904-image.png

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest