Credentials in Azure Data Factory and Azure Synapse
APPLIES TO: Azure Data Factory Azure Synapse Analytics
Try out Data Factory in Microsoft Fabric, an all-in-one analytics solution for enterprises. Microsoft Fabric covers everything from data movement to data science, real-time analytics, business intelligence, and reporting. Learn how to start a new trial for free!
Users must have the Managed Identity Operator (Azure RBAC) role or a custom role with Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action RBAC action to configure a user assigned managed identity as a credential. Additional RBAC is required to create and use credentials in Synapse. Learn more.
We are introducing Credentials which can contain user-assigned managed identities, service principals, and also lists the system-assigned managed identity that you can use in the linked services that support Azure Active Directory (Azure AD) authentication. It helps you consolidate and manage all your Azure AD-based credentials.
Below are the generic steps for using a user-assigned managed identity in the linked services for authentication.
If you do not have a user-assigned managed identity created in Azure, first create one in the Azure portal Managed Identities page.
Associate the user-assigned managed identity to the data factory instance using Azure portal, SDK, PowerShell, REST API. The screenshot below used Azure portal (data factory blade) to associate the user-assigned managed identity.
Create a Credential in data factory user interface interactively. You can select the user-assigned managed identity associated with the data factory in Step 1.
Create a new linked service and select User-assigned managed identity under authentication
You can use SDK/ PowerShell/ REST APIs for the above actions. An example of creating a user-assigned managed identity and assigning it permissions to a resource with Bicep/ARM is available in this example. Linked services with user-assigned managed identity are currently not supported in Synapse Spark.
See the following topics that introduce when and how to use managed identity:
- Store credential in Azure Key Vault
- Copy data from/to Azure Data Lake Store using managed identities for Azure resources authentication
See Managed Identities for Azure Resources Overview for more background on managed identities for Azure resources, which data factory managed identity is based upon.