Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,417 questions
Error in Azure Synapse Notebook Unable to Authenticate to Access Azure Managed Identity
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 44%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Gilbert Antonius
6
Reputation points
I am trying to authenticate to access other Azure resource (Azure Digital Twins) from Azure Synapse without explicitly using secrets, so I tried to use the Azure Managed Identity and followed this tutorial. After following the tutorial, I am getting the error below (unable to authenticate):
ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable. No identity has been assigned to this resource.
SharedTokenCacheCredential: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
VisualStudioCodeCredential: Failed to get Azure user details from Visual Studio Code.
AzureCliCredential: Azure CLI not found on path
Below is the code snippet:
from azure.identity import DefaultAzureCredential
from azure.digitaltwins.core import DigitalTwinsClient
# azure_managed_identity_client_id, adt_url change to corresponding values
credential = DefaultAzureCredential(managed_identity_client_id=<azure_managed_identity_client_id>)
service_client = DigitalTwinsClient(<adt_url>, credential)
relationship_query = 'SELECT * FROM RELATIONSHIPS'
relationships = service_client.query_twins(relationship_query)
relationships_df = pd.DataFrame()
for relationship in relationships:
print(relationship)
Steps to reproduce:
- Create a managed identity instance in Azure Portal
- In access control (IAM) of the other Azure resource (ADT in our case; blob storage in demo case), grant access to the managed identity created in step 1
- Go to the identity pane of the destination service (Synapse in our case; Azure Functions in demo case) in Azure Portal to add the user assigned identity (in this case, we add the managed identity instance)
- Run the code snippet above in Azure Synapse notebook attached to a Spark Pool
Is there anything I did incorrectly? What's the best practice for accessing Azure resources that don't support Linked Service in Synapse without referencing the secret in the code (inside the Synapse notebook)?
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
HimanshuSinha-msft 19,381 Reputation points Microsoft Employee2021-09-20T21:36:30.25+00:00 Hello @Gilbert Antonius ,
Thanks for the ask and using Microsoft Q&A platform .
My apoloziges as I do not have the ADT environemnt to test scebnario , are you refering Synapse WS in Steps 3 , if not I think thats what needs to be done , please do the link below .
https://learn.microsoft.com/en-us/azure/synapse-analytics/security/synapse-workspace-managed-identityThanks
Himanshu -
Gilbert Antonius 6 Reputation points
2021-09-22T04:20:18.47+00:00 Hi @HimanshuSinha-msft ,
I did something like below (I am following this video tutorial: https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) for step 3 where I add the managed identity I created to the Identity menu of Synapse in Azure portal.
The goal here is to access to Azure resources that doesn't have linked service support in Synapse from Azure Synapse notebook without referencing to the secrets inside the notebook code; so it doesn't have to be ADT. Here's a code snippet with no dependency on ADT:
from azure.identity import DefaultAzureCredential from azure.digitaltwins.core import DigitalTwinsClient credential = DefaultAzureCredential(managed_identity_client_id=<azure_managed_identity_client_id>) credential.get_token()Error message:
Can you advise on this? Thanks
Sign in to comment