authentication Module

Contains functionality for managing different types of authentication in Azure Machine Learning.

Types of supported authentication:

  • Interactive Login - The default mode when using Azure Machine Learning SDK. Uses an interactive dialog.
  • Azure CLI - For use with the azure-cli package.
  • Service Principal - For use with automated machine learning workflows.
  • MSI - For use with Managed Service Identity-enabled assets such as an Azure Virtual Machine.
  • Azure ML Token - Used for acquiring Azure ML tokens for submitted runs only.

To learn more about these authentication mechanisms, see https://aka.ms/aml-notebook-auth.

Classes

AbstractAuthentication

Abstract parent class for all authentication classes in Azure Machine Learning.

Derived classes provide different means to authenticate and acquire a token based on their targeted use case. For examples of authentication, see https://aka.ms/aml-notebook-auth.

Class AbstractAuthentication constructor.

AccessToken

Create new instance of AccessToken(token, expires_on)

ArmTokenAuthentication

Used internally to acquire ARM access tokens using service principal or managed service identity authentication.

For automated workflows where managed access control is needed, use the ServicePrincipalAuthentication instead.

Class ArmTokenAuthentication constructor.

AzureCliAuthentication

Manages authentication and acquires an access token using the Azure CLI.

To use this class you must have the azure-cli package installed. For a better Azure Notebooks experience, use the InteractiveLoginAuthentication class.

Class AzureCliAuthentication constructor.

AzureMLTokenAuthentication

Manages authentication and access tokens in the context of submitted runs.

The Azure Machine Learning token is generated when a run is submitted and is only available to the code that submitted the run. The AzureMLTokenAuthentication class can only be used in the context of the submitted run. The returned token cannot be used against any Azure Resource Manager (ARM) operations like provisioning compute. The Azure Machine Learning token is useful when executing a program remotely where it might be unsafe to use the private credentials of a user.

Authorize users by their Azure ML token.

The Azure ML token is generated when a run is submitted and is only available to the code submitted. The class can only be used in the context of the submitted run. The token cannot be used against any ARM operations like provisioning compute. The Azure ML token is useful when executing a program remotely where it might be unsafe to use the user's private credentials. The consumer of this class should call the class method create, which creates a new object or returns a registered instance with the same run_scope (subscription_id, resource_group_name, workspace_name, experiment_name, run_id) provided.

InteractiveLoginAuthentication

Manages authentication and acquires an authorization token in interactive login workflows.

Interactive login authentication is suitable for local experimentation on your own computer, and is the default authentication model when using Azure Machine Learning SDK. For example, when working locally in a Jupyter notebook, the interactive login authentication process opens a browser window to prompt for credentials if credentials don't already exist.

Class InteractiveLoginAuthentication constructor.

This constructor will prompt the user to log in, then it will save the credentials for any subsequent attempts. If the user is already logged in to the Azure CLI or has logged in before, the constructor will load the existing credentials without prompting. When this Python process is running in the Azure Notebooks service, the constructor will attempt to use the "connect to azure" feature in Azure Notebooks. If this Python process is running on a Notebook VM, the constructor will attempt to use MSI auth.

MsiAuthentication

Manages authentication using a managed identity in Azure Active Directory.

When using the Azure ML SDK on an Azure Virtual Machine (VM), you can authenticate with a managed identity (formerly known as Managed Service Identity - MSI). Using a managed identity allows the VM to connect to your workspace without storing credentials in Python code, thus decoupling the authentication process from any specific user login.

Class MsiAuthentication constructor.

ServicePrincipalAuthentication

Manages authentication using a service principal instead of a user identity.

Service Principal authentication is suitable for automated workflows such as CI/CD scenarios. This type of authentication decouples the authentication process from any specific user login, and allows for managed access control.

Class ServicePrincipalAuthentication constructor.

TokenAuthentication

Manages authentication using an AAD token scoped by audience.

Token Authentication is suitable when token generation and its refresh are handled outside of the AML SDK. This type of authentication allows greater control over token generation and its refresh.

For automated workflows where managed access control is needed, use the ServicePrincipalAuthentication instead.

This class requires that a get_token_for_audience method be provided, which will be called to retrieve the token.

Example of how get_token_for_audience will be called and passed an audience:

  get_token_for_audience(audience)

where audience can be either ARM or AML.

  auth = TokenAuthentication(get_token_for_audience)

  The AML audience value passed to get_token_for_audience can be retrieved by:
  auth.get_aml_resource_id(cloud)

  The ARM audience value passed to get_token_for_audience can be retrieved by:
  auth._cloud_type.endpoints.active_directory_resource_id
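
Because TokenAuthentication leaves token generation and refresh to the caller, the callback is where per-audience separation and expiry handling have to live. The following is an added example, not code from the SDK or its documentation: a get_token_for_audience callback that caches one token per audience and renews it shortly before expiry. AudienceTokenCache, fetch, refresh_margin, the local AccessToken tuple and the "ARM"/"AML" audience keys are assumptions made for illustration, and the callback is assumed to return the token string.

```python
import threading
import time
from collections import namedtuple

# Local stand-in with the fields the page lists for AccessToken(token, expires_on).
AccessToken = namedtuple("AccessToken", ["token", "expires_on"])


class AudienceTokenCache:
    """Callable usable as get_token_for_audience(audience); returns a token string."""

    def __init__(self, fetch, refresh_margin=300, clock=time.time):
        self._fetch = fetch            # hypothetical: fetch(audience) -> AccessToken
        self._margin = refresh_margin  # refresh this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()  # serializes refreshes across threads
        self._cache = {}               # one entry per audience, never shared

    def __call__(self, audience):
        with self._lock:
            cached = self._cache.get(audience)
            if cached and cached.expires_on - self._clock() > self._margin:
                return cached.token
            fresh = self._fetch(audience)
            if not fresh.token or fresh.expires_on <= self._clock():
                raise ValueError("token source returned an empty or expired token")
            self._cache[audience] = fresh
            return fresh.token


def demo():
    """Drive the cache with a constructed issuer and a fake clock."""
    now = [1_000_000.0]
    calls = []

    def clock():
        return now[0]

    def fetch(audience):  # constructed issuer: 1-hour tokens, no network access
        calls.append(audience)
        return AccessToken("constructed-%s-%d" % (audience, len(calls)), clock() + 3600)

    get_token_for_audience = AudienceTokenCache(fetch, clock=clock)
    # With the SDK installed: auth = TokenAuthentication(get_token_for_audience)
    first = get_token_for_audience("ARM")   # "ARM"/"AML" are placeholder audience keys
    cached = get_token_for_audience("ARM")  # still valid: served from the cache
    aml = get_token_for_audience("AML")     # different audience: separate token
    now[0] += 3400                          # 200 s left, inside the refresh margin
    renewed = get_token_for_audience("ARM")
    return first, cached, aml, renewed, calls
```

In a real deployment fetch would call whatever external token source issues the AAD tokens; keeping the cache keyed by audience ensures a token minted for ARM is never returned for an AML request.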

Enums

Audience

Audience supported by AML. To be used only with TokenAuthentication class.