Azure Data Factory service identity

    Question

  • Hi!

    I'm following the article https://docs.microsoft.com/en-us/azure/data-factory/enable-aad-authentication-azure-ssis-ir

    Step 3. Add the Data Factory MSI to the group. You can follow Azure Data Factory service identity to get the service identity ID (for example, 765ad4ab-XXXX-XXXX-XXXX-51ed985819dc).

    If you follow the link https://docs.microsoft.com/en-us/azure/data-factory/data-factory-service-identity

    It advises you to use the Service identity application ID.

    The PowerShell command in the 1st article gives an error if you use the Service identity application ID.

    So which one is correct?



    Wednesday, June 20, 2018 12:09 PM

Answers

  • To use AAD auth with ADF MSI when provisioning SSIS IR specifically, you need to use the principal SERVICE IDENTITY ID, not SERVICE IDENTITY APPLICATION ID. We'll clarify this more in our doc.

    Thursday, June 21, 2018 3:30 AM
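
    One way to avoid the `Request_ResourceNotFound` error reported in this thread, as an added example that is not part of the original posts or of Microsoft's documentation: resolve whichever GUID you have to the service principal's object ID before calling `Add-AzureAdGroupMember`. It assumes the AzureAD PowerShell module after `Connect-AzureAD` and that the service identity ID is the object ID of the factory's service principal; the function names are hypothetical.

```powershell
# Added example, not from the thread. Requires the AzureAD module and a prior Connect-AzureAD.
# Resolve-AdfIdentityObjectId and Add-AdfIdentityToGroup are hypothetical helper names.
function Resolve-AdfIdentityObjectId {
    param([Parameter(Mandatory)][guid]$Id)

    # Case 1: the GUID is an application ID; look up its service principal.
    $sp = Get-AzureADServicePrincipal -Filter "AppId eq '$Id'"
    if ($sp) { return $sp.ObjectId }

    # Case 2: the GUID is already the service principal's object ID.
    try {
        $sp = Get-AzureADServicePrincipal -ObjectId $Id.ToString() -ErrorAction Stop
        return $sp.ObjectId
    } catch {
        throw "No service principal found for '$Id' as an application ID or an object ID."
    }
}

function Add-AdfIdentityToGroup {
    param(
        [Parameter(Mandatory)][string]$GroupObjectId,
        [Parameter(Mandatory)][guid]$IdentityGuid
    )
    # Group membership references directory objects, so always pass the object ID.
    $memberId = Resolve-AdfIdentityObjectId -Id $IdentityGuid

    # Skip the add when the identity is already a member (a repeated add returns an error).
    $members = Get-AzureADGroupMember -ObjectId $GroupObjectId -All $true
    if ($members.ObjectId -contains $memberId) {
        Write-Output "Already a member: $memberId"
        return
    }
    Add-AzureAdGroupMember -ObjectId $GroupObjectId -RefObjectId $memberId
    Write-Output "Added $memberId to group $GroupObjectId"
}

# Placeholder values; substitute the group's object ID and the GUID shown for the data factory.
# Add-AdfIdentityToGroup -GroupObjectId '<group-object-id>' -IdentityGuid '<guid-from-portal>'
```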

All replies

  • Hi,

    What error did you get when running the cmd in the 1st article? Thanks.

    -Rodge

    Wednesday, June 20, 2018 3:24 PM
  • Hi!

    Here is the error from PowerShell:

    Add-AzureAdGroupMember : Error occurred while executing AddGroupMember 
    StatusCode: NotFound
    ErrorCode: Request_ResourceNotFound
    Message: Resource 'xxxxxxx-xxxxxxxxxxxxxxxx-xxxxxxx' does not exist or one of its queried reference-property objects are not present.

    Thursday, June 21, 2018 4:39 AM
  • Thanks! I'll use that.
    Thursday, June 21, 2018 4:40 AM
  • FYI,

    When I try to create a new linked service in Azure for SQL Database, the message provided when I picked the "managed service identity" auth type was:

    Service identity application ID: {GUID} 
    Grant data factory service identity access to your Azure SQL Database. Details

    The GUID that is displayed is the Service Identity Application ID, which does not work. But when I used the "Service Identity Id", it did work! So, the messaging in the ADF web app also needs to be fixed.


    http://blog.aggregatedIntelligence.com/

    Friday, August 31, 2018 10:26 PM