question

RazeenHendricks-7065 avatar image
1 Vote"
RazeenHendricks-7065 asked SaurabhSharma-msft commented

Managed identity from ADF to Synapse

We've attempted to apply user-assigned managed identity authentication from ADF to Synapse, and this works fine.

However, in a "copy data" activity, where the source is Synapse but the sink is an on-prem DB (using a self-hosted integration runtime), we get the following error:

Managed identity credential is not supported in this version ('5.7.7851.1') of Self Hosted Integration Runtime.

That IR is set to auto-update, so I'd assume it's on the latest version. This appears to be an oversight from Microsoft in releasing a feature that doesn't cover all the scenarios. Is there any idea as to when this problem may be resolved?

Another issue we're faced with is that the setting of the user-assigned managed identity is not parameterized within the generated ADF ARM template. That, coupled with the fact that Synapse does not allow duplicate identity names when creating SQL users on different subscriptions but the same tenant, is clearly problematic.
How could this be solved?

Regards,

Razeen.

azure-data-factoryazure-synapse-analyticsazure-managed-identity
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @razeenhendricks-7065,
Thanks for using Microsoft Q&A !!

Yes, it should be latest version but can you check SHIR version from "Integration runtimes" Page and on On premise integration runtime configuration manager under Help.
(see screenshot below) if both are same ?
127695-image.png
127751-image.png

For your second ask, how are you generating the ADF ARM template ?

0 Votes 0 ·
image.png (40.4 KiB)
image.png (80.8 KiB)
SaurabhSharma-msft avatar image
1 Vote"
SaurabhSharma-msft answered SaurabhSharma-msft commented

Hi@razeenhendricks-7065,

Here an update -
User-assigned managed identity is supported by self-hosted integration runtime with version higher than 5.8.0.0. Also, Regarding "That IR is set to auto-update, so I'd assume it's on the latest version." -

Actually, the assumption isn’t always true as the products team goal is to push the latest stable version. And So, the auto-update of the latest version immediately won't be pushed immediately. Instead, auto-update is pushed tier by tier to limit the impact of an issue.
However, due to some known issues, auto-update of 5.8 is delayed but all released versions are available on download center. Now, all known issues are addressed by all versions of self-hosted integration runtime on download center. Products team is preparing to push the auto-update of 5.8.7875.2.
You can however download self-hosted integration runtime installer from [download center][1] and manually use them to update your self-host integration runtime. Manual update won’t break auto-update. If the auto-update of a newer version is pushed in the future, yours self-hosted integration runtime still can get auto updated.
Regarding your second ask on ARM deployment, we are currently looking into if anything else needs to be done to support custom parameterization for credential object. Ideally, it should work presently as well. Until then, you can manually edit ARM template to make User Assigned Managed Identity as a parameter and deploy that.

Thanks
Saurabh


[1]: https://www.microsoft.com/en-us/download/details.aspx?id=39717
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @razeenhendricks-7065,

I have not heard back from you. Did my answer solve your issue? If so, please mark as accepted answer. If not, please let me know how I may better assist.

Thanks
Saurabh

0 Votes 0 ·

Hi @razeenhendricks-7065,

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Thanks
Saurabh

1 Vote 1 ·
ChadBentz-3830 avatar image
0 Votes"
ChadBentz-3830 answered ChadBentz-3830 commented

Same error trying to use a User Assigned Managed Identity (Preview) to attempt to connect to a KeyVault from SHIR (5.7.7851.1) for Service Principal Authentication with Credentials(Preview). > Error code > 20523 > > Details > Managed identity credential is not supported in this version ('5.7.7851.1') of Self Hosted Integration Runtime. Activity ID: 8ba8cc37-79ef-4f73-bf81-a2113e68fe60 I figured that setting up two preview features might bite me here :D ![128481-image.png][1] ![128451-image.png][2] [1]: /answers/storage/attachments/128481-image.png [2]: /answers/storage/attachments/128451-image.png

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @chad-4001,

As mentioned above you need to manually install the latest version of SHIR as user-assigned managed identity is supported by self-hosted integration runtime with version higher than 5.8.0.0.
Please try and let me know if you face any issues.

Thanks
Saurabh

0 Votes 0 ·

This did indeed solve the problem for me ... FYI there is 0 documentation on UPGRADING SHIR manually. (turns out it is the same as installing just less steps as it pulls config)

0 Votes 0 ·