Credentials in Azure Data Factory and Azure Synapse

APPLIES TO: Azure Data Factory Azure Synapse Analytics


Try out Data Factory in Microsoft Fabric, an all-in-one analytics solution for enterprises. Microsoft Fabric covers everything from data movement to data science, real-time analytics, business intelligence, and reporting. Learn how to start a new trial for free!


Users must have the Managed Identity Operator (Azure RBAC) role or a custom role with Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action RBAC action to configure a user assigned managed identity as a credential. Additional RBAC is required to create and use credentials in Synapse. Learn more.

Using credentials

We are introducing Credentials which can contain user-assigned managed identities, service principals, and also lists the system-assigned managed identity that you can use in the linked services that support Azure Active Directory (Azure AD) authentication. It helps you consolidate and manage all your Azure AD-based credentials.

Below are the generic steps for using a user-assigned managed identity in the linked services for authentication.

  1. If you do not have a user-assigned managed identity created in Azure, first create one in the Azure portal Managed Identities page.

  2. Associate the user-assigned managed identity to the data factory instance using Azure portal, SDK, PowerShell, REST API. The screenshot below used Azure portal (data factory blade) to associate the user-assigned managed identity.

    Screenshot showing how to use Azure portal to associate a user-assigned managed identity.

  3. Create a Credential in data factory user interface interactively. You can select the user-assigned managed identity associated with the data factory in Step 1.

    Screenshot showing the creation of new credentials.

    Screenshot showing the configuration of new credentials.

  4. Create a new linked service and select User-assigned managed identity under authentication

    Screenshot showing the new linked service with user-assigned managed identity authentication.

    Screenshot showing the new linked service configuration with User-Assigned Managed Identity and credentials selected.


You can use SDK/ PowerShell/ REST APIs for the above actions. An example of creating a user-assigned managed identity and assigning it permissions to a resource with Bicep/ARM is available in this example. Linked services with user-assigned managed identity are currently not supported in Synapse Spark.

Next steps

See the following topics that introduce when and how to use managed identity:

See Managed Identities for Azure Resources Overview for more background on managed identities for Azure resources, which data factory managed identity is based upon.