
Saturday, February 4, 2023

What are managed identities for Azure resources?

A common challenge for developers is the management of secrets, credentials, certificates, and keys used to secure communication between services. Managed identities eliminate the need for developers to manage these credentials.

You can use managed identities to authenticate to any resource that supports Azure AD authentication, including your own applications.

Managed identity types

There are two types of managed identities:

System-assigned. Some Azure resources, such as virtual machines, allow you to enable a managed identity directly on the resource. When you enable a system-assigned managed identity:

A service principal of a special type is created in Azure AD for the identity. The service principal is tied to the lifecycle of that Azure resource. When the Azure resource is deleted, Azure automatically deletes the service principal for you.

By design, only that Azure resource can use this identity to request tokens from Azure AD.

You authorize the managed identity to have access to one or more services.

The name of the system-assigned service principal is always the same as the name of the Azure resource it is created for. For a deployment slot, the name of its system-assigned identity is <app-name>/slots/<slot-name>.

User-assigned. You may also create a managed identity as a standalone Azure resource. You can create a user-assigned managed identity and assign it to one or more Azure Resources. When you enable a user-assigned managed identity:
A service principal of a special type is created in Azure AD for the identity. The service principal is managed separately from the resources that use it.

User-assigned identities can be used by multiple resources.

You authorize the managed identity to have access to one or more services.
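As an added example (not part of the original post): how an application running on an Azure resource asks Azure AD for a token for its managed identity through the Instance Metadata Service, and where the two identity types differ: the system-assigned identity needs no identifier, while a user-assigned identity must be selected by its client ID because several may be attached to one resource. The resource audience, the client ID and the sample reply are constructed values.

```python
import io
import json
import urllib.parse
import urllib.request

# Azure Instance Metadata Service (IMDS) token endpoint: link-local, reachable
# only from inside the Azure resource, and it needs no stored credential.
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
IMDS_API_VERSION = "2018-02-01"

def build_token_request(resource, client_id=None):
    """Return (url, headers) for an IMDS token request.

    resource  - audience of the token, e.g. "https://vault.azure.net"
    client_id - None selects the system-assigned identity; for a user-assigned
                identity pass its client ID, since one resource may have
                several user-assigned identities attached.
    """
    params = {"api-version": IMDS_API_VERSION, "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = IMDS_TOKEN_URL + "?" + urllib.parse.urlencode(params)
    # IMDS rejects requests without this header, so a redirected or
    # browser-initiated request cannot be tricked into fetching a token.
    return url, {"Metadata": "true"}

def parse_token_response(body):
    """Extract the bearer token and its expiry (Unix seconds) from IMDS JSON."""
    data = json.loads(body)
    return data["access_token"], int(data["expires_on"])

def get_token(resource, client_id=None, opener=urllib.request.urlopen):
    """Fetch a token for `resource`; `opener` is injectable for offline use."""
    url, headers = build_token_request(resource, client_id)
    req = urllib.request.Request(url, headers=headers)
    with opener(req) as resp:
        return parse_token_response(resp.read().decode())

# Constructed sample IMDS reply (not a real token) so the flow runs offline.
SAMPLE_RESPONSE = (b'{"access_token":"eyJ.sample.token","expires_on":"1680000000",'
                   b'"resource":"https://vault.azure.net","token_type":"Bearer"}')

def demo():
    """Run the flow against the constructed reply instead of the live endpoint."""
    return get_token("https://vault.azure.net", opener=lambda req: io.BytesIO(SAMPLE_RESPONSE))
```

On a real VM, call get_token with the default opener; the token is then sent as a Bearer header to the service the identity was authorized for, and no secret ever lives in the application's configuration.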
