Credentials in Azure Data Factory and Azure Synapse

APPLIES TO: Azure Data Factory, Azure Synapse Analytics


Prerequisites

To configure a user-assigned managed identity as a credential, users must have the Managed Identity Operator (Azure RBAC) role or a custom role with the Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action RBAC action. Additional RBAC is required to create and use credentials in Synapse.

Using credentials

We are introducing Credentials, which can contain user-assigned managed identities and service principals, and which also list the system-assigned managed identity, for use in the linked services that support Microsoft Entra authentication. Credentials help you consolidate and manage all your Microsoft Entra ID-based credentials.

Below are the generic steps for using a user-assigned managed identity in the linked services for authentication.

  1. If you do not have a user-assigned managed identity created in Azure, first create one in the Azure portal Managed Identities page.

  2. Associate the user-assigned managed identity with the data factory instance using the Azure portal, SDK, PowerShell, or REST API. The screenshot below uses the Azure portal (data factory blade) to associate the user-assigned managed identity.

    Screenshot showing how to use Azure portal to associate a user-assigned managed identity.

  3. Create a Credential interactively in the data factory user interface. You can select the user-assigned managed identity associated with the data factory in Step 1.

    Screenshot showing the creation of new credentials.

    Screenshot showing the configuration of new credentials.

  4. Create a new linked service and select User-assigned managed identity under authentication.

    Screenshot showing the new linked service with user-assigned managed identity authentication.

    Screenshot showing the new linked service configuration with User-Assigned Managed Identity and credentials selected.

Note

You can use the SDK, PowerShell, or REST APIs for the above actions. An example of creating a user-assigned managed identity and assigning it permissions to a resource with Bicep/ARM is available in this example. Linked services with user-assigned managed identity are currently not supported in Synapse Spark.
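The steps above, written as the JSON bodies they correspond to when done through the REST API, with a consistency check across the identity, credential, and linked service. This is an added example, not Microsoft's code: the property names are assumed to follow the Data Factory resource schema, `check_chain` is a hypothetical helper, and every name, ID, and endpoint is a constructed placeholder.

```python
import json

# Constructed placeholder ID; substitute your own subscription, resource group and name.
UAMI_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
           "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/adf-uami")

def factory_identity_body(uami_id):
    """Step 2: body fragment that associates the identity with the factory."""
    return {"identity": {"type": "UserAssigned",
                         "userAssignedIdentities": {uami_id: {}}}}

def credential_body(uami_id):
    """Step 3: credential resource wrapping the user-assigned managed identity."""
    return {"properties": {"type": "ManagedIdentity",
                           "typeProperties": {"resourceId": uami_id}}}

def linked_service_body(credential_name, endpoint):
    """Step 4: Blob Storage linked service that authenticates through the credential."""
    return {"properties": {"type": "AzureBlobStorage", "typeProperties": {
        "serviceEndpoint": endpoint,
        "credential": {"referenceName": credential_name,
                       "type": "CredentialReference"}}}}

def check_chain(factory, credentials, linked_services):
    """Return problems found in the identity -> credential -> linked service chain."""
    problems = []
    # Azure resource IDs are case-insensitive, so compare them lower-cased.
    attached = {k.lower() for k in
                factory.get("identity", {}).get("userAssignedIdentities", {})}
    for name, cred in credentials.items():
        props = cred["properties"]
        rid = props["typeProperties"].get("resourceId", "")
        if props["type"] == "ManagedIdentity" and rid.lower() not in attached:
            problems.append(f"credential {name}: identity not associated with factory")
    for name, ls in linked_services.items():
        ref = ls["properties"]["typeProperties"].get("credential")
        if ref is None:
            problems.append(f"linked service {name}: no credential reference")
        elif ref["referenceName"] not in credentials:
            problems.append(f"linked service {name}: unknown credential {ref['referenceName']}")
    return problems

if __name__ == "__main__":
    factory = factory_identity_body(UAMI_ID)
    creds = {"uami-cred": credential_body(UAMI_ID)}
    services = {"blob-ls": linked_service_body(
        "uami-cred", "https://examplestore.blob.core.windows.net/")}
    print(json.dumps({"credentials": creds, "linkedServices": services}, indent=2))
    print(check_chain(factory, creds, services) or "chain is consistent")
```

Running the same check over definitions exported from an existing factory shows credentials that point at an identity the factory no longer has attached, which otherwise surfaces only as an authentication failure at run time.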

See the following topics that introduce when and how to use managed identity:

See Managed Identities for Azure Resources Overview for more background on managed identities for Azure resources, on which the data factory managed identity is based.