ServicePrincipalAuthentication Class

  • Reference

Manages authentication using a service principle instead of a user identity.

Service Principal authentication is suitable for automated workflows like for CI/CD scenarios. This type of authentication decouples the authentication process from any specific user login, and allows for managed access control.

Class ServicePrincipalAuthentication constructor.

Inheritance
AbstractAuthentication
ServicePrincipalAuthentication

Constructor

ServicePrincipalAuthentication(tenant_id, service_principal_id, service_principal_password, cloud='AzureCloud', _enable_caching=True)

Parameters

tenant_id
str
Required

The active directory tenant that the service identity belongs to.

service_principal_id
str
Required

The service principal ID.

service_principal_password
str
Required

The service principal password/key.

cloud
str
default value: AzureCloud

The name of the target cloud. Can be one of "AzureCloud", "AzureChinaCloud", or "AzureUSGovernment". If no cloud is specified, "AzureCloud" is used.

tenant_id
str
Required

The active directory tenant that the service identity belongs to.

service_principal_id
str
Required

The service principal id.

service_principal_password
str
Required

The service principal password/key.

cloud
str
Required

The name of the target cloud. Can be one of "AzureCloud", "AzureChinaCloud", or "AzureUSGovernment". If no cloud is specified, "AzureCloud" is used.

_enable_caching
default value: True

Remarks

Service principal authentication involves creating an App Registration in Azure Active Directory. First, you generate a client secret, and then you grant your service principal role access to your machine learning workspace. Then, you use the ServicePrincipalAuthentication class to manage your authentication flow.


   import os
   from azureml.core.authentication import ServicePrincipalAuthentication

   svc_pr_password = os.environ.get("AZUREML_PASSWORD")

   svc_pr = ServicePrincipalAuthentication(
       tenant_id="my-tenant-id",
       service_principal_id="my-application-id",
       service_principal_password=svc_pr_password)


   ws = Workspace(
       subscription_id="my-subscription-id",
       resource_group="my-ml-rg",
       workspace_name="my-ml-workspace",
       auth=svc_pr
       )

   print("Found workspace {} at location {}".format(ws.name, ws.location))

Full sample is available from https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb

To learn about creating a service principal and allowing the service principal to access a machine learning workspace, see Set up service principal authentication.