Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Difference between Service Principal and Managed Identities in Azure

Tags:

azure

azure-active-directory

claims-based-identity

I would like to know if it is always recommended to use Managed Identities in Azure , mostly system assigned or a Service Principal? When should Service Principals be used in Azure compared to a managed identity, what is the advantage of one over the other? Any help would be appreciated.

like image 968
Pallab Avatar asked Apr 20 '20 12:04

Pallab

People also ask

What is managed identities in Azure?

Managed identities provide an automatically managed identity in Azure Active Directory for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications can use managed identities to obtain Azure AD tokens without having to manage any credentials.

What is a service principal in Azure?

An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the service principal, giving you control over which resources can be accessed and at which level.

What is the difference between service principal and user principal?

The security principals are given permissions within the associated tenant, which define what a service/user is allowed to access. For a service, the security principal is called a service principal (and for a person, it is a user principal).

What's the difference between a system assigned managed identity & A user assigned managed identity?

There are two types of managed identities: system-assigned and user-assigned. System-assigned managed identities have their lifecycle tied to the resource that created them. User-assigned managed identities can be used on multiple resources.

1 Answers

Internally, managed identities are service principals of a special type, which are locked to only be used with Azure resources. When the managed identity is deleted, the corresponding service principal is automatically removed. Also, when a User-Assigned or System-Assigned Identity is created, the Managed Identity Resource Provider (MSRP) issues a certificate internally to that identity.

Source: What are managed identities for Azure resources?

and

So what’s the difference?
Put simply, the difference between a managed identity and a service principal is that a managed identity manages the creation and automatic renewal of a service principal on your behalf.

Source: What’s an Azure Service Principal and Managed Identity?

like image 197
rickvdbosch Avatar answered Sep 26 '22 14:09

rickvdbosch
Sign in to Comment

Related questions

Application Insights - How to sort by custom dimension
Throttling Azure Storage Queue processing in Azure Function App
Azure Application Settings not overriding my appsettings.json file values
ASP.NET+Azure 400 Bad Request doesn't return JSON data
How to read Azure web site app settings values
AzureWebJobsDashboard Configuration Error
Getting blob count in an Azure Storage container
SSMS 2016 Error Importing Azure SQL v12 bacpac: master keys without password not supported
Invalid access to memory location when deploying Azure web app
Azure Storage Emulator Won't Install
How to get fontawesome to work on an Azure web pages deployment?
How can I set CORS in Azure BLOB Storage in Portal?
C# LINQ .Any not working on DocumentDb CreateDocumentQuery
Friendly filename when public download Azure blob
How to debug Azure 500 internal server error [closed]
Azure Custom Controller / API .Net backend
How to set and read user environment variable in Azure DevOps Pipeline?
Second sign-in causes infinite redirect loop after the first successful login MVC .NET 5 OWIN ADAL OpenIDConnect
How to setup SSRS with an Azure SQL Server Database
Use Azure Application Insights with Azure WebJob

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!