Credentials in Azure Data Factory and Azure Synapse
APPLIES TO: Azure Data Factory Azure Synapse Analytics
Prerequisites
Users must have the Managed Identity Operator (Azure RBAC) role or a custom role with Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action RBAC action to configure a user assigned managed identity as a credential. Additional RBAC is required to create and use credentials in Synapse. Learn more.
Using credentials
We are introducing Credentials which can contain user-assigned managed identities, service principals, and also lists the system-assigned managed identity that you can use in the linked services that support Microsoft Entra authentication. It helps you consolidate and manage all your Microsoft Entra ID-based credentials.
Below are the generic steps for using a user-assigned managed identity in the linked services for authentication.
If you do not have a user-assigned managed identity created in Azure, first create one in the Azure portal Managed Identities page.
Associate the user-assigned managed identity to the data factory instance using Azure portal, SDK, PowerShell, REST API. The screenshot below used Azure portal (data factory blade) to associate the user-assigned managed identity.
Create a Credential in data factory user interface interactively. You can select the user-assigned managed identity associated with the data factory in Step 1.
Create a new linked service and select User-assigned managed identity under authentication
Note
You can use SDK/ PowerShell/ REST APIs for the above actions. An example of creating a user-assigned managed identity and assigning it permissions to a resource with Bicep/ARM is available in this example. Linked services with user-assigned managed identity are currently not supported in Synapse Spark.
Related content
See the following topics that introduce when and how to use managed identity:
- Store credential in Azure Key Vault
- Copy data from/to Azure Data Lake Storage using managed identities for Azure resources authentication
See Managed Identities for Azure Resources Overview for more background on managed identities for Azure resources, which data factory managed identity is based upon.