ServicePrincipalAuthentication class

Definition

Manages authentication using a service principle instead of a user identity.

Service Principal authentication is suitable for automated workflows like for CI/CD scenarios. This type of authentication decouples the authentication process from any specific user login, and allows for managed access control.

ServicePrincipalAuthentication(tenant_id, service_principal_id, service_principal_password, cloud='AzureCloud', _enable_caching=True)
Inheritance
builtins.object
ServicePrincipalAuthentication

Parameters

tenant_id
str

The active directory tenant that the service identity belongs to.

service_principal_id
str

The service principal ID.

service_principal_password
str

The service principal password/key.

cloud
str

The name of the target cloud. Can be one of "AzureCloud", "AzureChinaCloud", or "AzureUSGovernment". If no cloud is specified, "AzureCloud" is used.

Remarks

Service principal authentication involves creating an App Registration in Azure Active Directory. First, you generate a client secret, and then you grant your service principal role access to your machine learning workspace. Then, you use the ServicePrincipalAuthentication class to manage your authentication flow.


   import os
   from azureml.core.authentication import ServicePrincipalAuthentication

   svc_pr_password = os.environ.get("AZUREML_PASSWORD")

   svc_pr = ServicePrincipalAuthentication(
       tenant_id="my-tenant-id",
       service_principal_id="my-application-id",
       service_principal_password=svc_pr_password)


   ws = Workspace(
       subscription_id="my-subscription-id",
       resource_group="my-ml-rg",
       workspace_name="my-ml-workspace",
       auth=svc_pr
       )

   print("Found workspace {} at location {}".format(ws.name, ws.location))

Full sample is available from https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb

To learn about creating a service principal and allowing the service principal to access a machine learning workspace, see Set up service principal authentication.