Managed identity from ADF to Synapse

Razeen Hendricks 56 Reputation points
2021-08-28T06:16:44.33+00:00

We've attempted to apply user-assigned managed identity authentication from ADF to Synapse, and this works fine.

However, in a "copy data" activity, where the source is Synapse but the sink is an on-prem DB (using a self-hosted integration runtime), we get the following error:

Managed identity credential is not supported in this version ('5.7.7851.1') of Self Hosted Integration Runtime.

That IR is set to auto-update, so I'd assume it's on the latest version. This appears to be an oversight from Microsoft in releasing a feature that doesn't cover all the scenarios. Is there any idea as to when this problem may be resolved?

Another issue we're faced with is that the setting of the user-assigned managed identity is not parameterized within the generated ADF ARM template. That, coupled with the fact that Synapse does not allow duplicate identity names when creating SQL users on different subscriptions but the same tenant, is clearly problematic.
How could this be solved?

Regards,

Razeen.


Accepted answer
  1. Saurabh Sharma 23,751 Reputation points Microsoft Employee
    2021-08-31T15:26:12.78+00:00

    Hi @Razeen Hendricks,

    Here is an update:
    User-assigned managed identity is supported by the self-hosted integration runtime with a version higher than 5.8.0.0. Also, regarding "That IR is set to auto-update, so I'd assume it's on the latest version.":

    Actually, the assumption isn't always true, as the product team's goal is to push the latest stable version. So the auto-update to the latest version won't be pushed immediately. Instead, auto-update is pushed tier by tier to limit the impact of an issue.

    However, due to some known issues, the auto-update of 5.8 is delayed, but all released versions are available on the download center. Now, all known issues are addressed by all versions of the self-hosted integration runtime on the download center. The product team is preparing to push the auto-update of 5.8.7875.2.
    You can, however, download the self-hosted integration runtime installer from the download center and manually use it to update your self-hosted integration runtime. A manual update won't break auto-update. If the auto-update of a newer version is pushed in the future, your self-hosted integration runtime can still get auto-updated.
    Regarding your second ask on ARM deployment, we are currently looking into whether anything else needs to be done to support custom parameterization for the credential object. Ideally, it should work presently as well. Until then, you can manually edit the ARM template to make the User Assigned Managed Identity a parameter and deploy that.

    Thanks
    Saurabh

    1 person found this answer helpful.
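
The manual ARM template edit suggested in the answer above, sketched as an added example (not part of the original thread and not Microsoft's code). It assumes the exported template holds credential resources of type `Microsoft.DataFactory/factories/credentials` with a literal `typeProperties.resourceId`; the function name, parameter prefix and sample values are hypothetical.

```python
import copy
import json

# Assumed shape of the exported ADF template: credential resources of this type,
# with properties.type "ManagedIdentity" and a literal typeProperties.resourceId.
CRED_TYPE = "Microsoft.DataFactory/factories/credentials"

def parameterize_uami(template, prefix="uamiResourceId"):
    """Return a copy where each literal identity resource ID becomes a parameter."""
    out = copy.deepcopy(template)
    params = out.setdefault("parameters", {})
    by_id = {}  # lower-cased resource ID -> parameter name, so shared identities reuse one
    for res in out.get("resources", []):
        props = res.get("properties", {})
        if res.get("type") != CRED_TYPE or props.get("type") != "ManagedIdentity":
            continue
        tp = props.get("typeProperties", {})
        rid = tp.get("resourceId")
        # Skip missing values and ARM expressions that are already parameterized.
        if not isinstance(rid, str) or rid.startswith("["):
            continue
        name = by_id.get(rid.lower())
        if name is None:
            n = len(by_id) + 1
            while f"{prefix}{n}" in params:  # never overwrite an existing parameter
                n += 1
            name = by_id[rid.lower()] = f"{prefix}{n}"
            # No defaultValue on purpose: every environment must pass its own identity.
            params[name] = {"type": "string"}
        tp["resourceId"] = f"[parameters('{name}')]"
    return out

def _cred(name, rid):  # helper to build a constructed credential resource
    return {"type": CRED_TYPE, "apiVersion": "2018-06-01",
            "name": f"[concat(parameters('factoryName'), '/{name}')]",
            "properties": {"type": "ManagedIdentity", "typeProperties": {"resourceId": rid}}}

# Constructed sample input (placeholder subscription and identity names).
DEV_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dev"
          "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id-adf-dev")
SAMPLE = {"contentVersion": "1.0.0.0",
          "parameters": {"factoryName": {"type": "string"}},
          "resources": [_cred("SynapseCred", DEV_ID), _cred("KeyVaultCred", DEV_ID.upper()),
                        _cred("AlreadyDone", "[parameters('existingId')]")]}

if __name__ == "__main__":
    print(json.dumps(parameterize_uami(SAMPLE), indent=2))
```

Leaving the new parameter without a default means a deployment fails when no identity is supplied, rather than silently binding another environment's identity.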

  1. Chad Bentz 26 Reputation points Microsoft Employee
    2021-09-01T21:48:06.423+00:00

    Same error trying to use a User Assigned Managed Identity (Preview) to attempt to connect to a KeyVault from SHIR (5.7.7851.1) for Service Principal Authentication with Credentials (Preview).

    > Error code
    > 20523
    >
    > Details
    > Managed identity credential is not supported in this version ('5.7.7851.1') of Self Hosted Integration Runtime. Activity ID: 8ba8cc37-79ef-4f73-bf81-a2113e68fe60

    I figured that setting up two preview features might bite me here :D

    ![128481-image.png][1] ![128451-image.png][2]

    [1]: /api/attachments/128481-image.png?platform=QnA
    [2]: /api/attachments/128451-image.png?platform=QnA