Share via

parameterization of user assigned managed identity

na 121 Reputation points
2022-06-27T14:08:02.99+00:00

I have a user assigned managed identity and it is associated with my data factory.
This works fine in our DEV environment.

When it comes to deployment however, there is no parameter to provide the user assigned managed Identity that is used in our PRD environment.
As ADF creates the ARM templates itself, it seems my only options are:

  • publish the ADF templates to adf_publish branch.
  • Manually checkout the arm templates and alter the managed identity
  • manually trigger deployment.

or

  • use the same managed identity in DEV and PRD

Neither option is desirable.
Is there a way to parameterize the user assigned managed identity for a data factory?

Below is the json from the arm template ADF generates. Note the user assigned Managed Identity is hard coded and not parameterized. 

 "name": "[concat(parameters('factoryName'), '/KV_Access_MI')]",  
 "type": "Microsoft.DataFactory/factories/credentials",  
 "apiVersion": "2018-06-01",  
 "properties": {  
 "type": "ManagedIdentity",  
 "typeProperties": {  
 "resourceId": "/subscriptions/xxxxx-xxxxx-xxxxx-xxxxx-xxxxx/resourcegroups/DEV-RG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dev-ManagedIdentity"  
 }  
 },  
 "dependsOn": []
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
9,906 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. na 121 Reputation points
    2022-06-29T10:54:59.97+00:00

    This appears to work, until I add a try to link to a shared Integration runtime.
    The user assigned managed identity has access to the shared integration runtime.

    When i run the deployment, it fails saying the data factory does not have access to the shared integration runtime.
    This tells me that the ARM template interperter is trying to create the integration runtime link before adding the user assigned Managed Identity.
    I cannot find a way to alter the order of execution in the ARM as its generated by ADF and I cant manually edit it.

    Any ideas?

    2 people found this answer helpful.
  2. MartinJaffer-MSFT 26,046 Reputation points
    2022-06-28T18:36:35.533+00:00

    Ahh, I made a typo somewhere @na .

    To parameterize the credentials, add into the ARM Template configuration: 

        "Microsoft.DataFactory/factories/credentials" : {  
        "properties": {  
            "typeProperties": {  
                "resourceId": "="  
            }  
        }  
    }

    I found the answer in the verry bottom of the sample customization template.

    How to get to ARM Template configuration
    215843-image.png

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators
    1 person found this answer helpful.