articles/search/search-howto-managed-identities-cosmos-db.md
9 additions & 7 deletions
@@ -7,7 +7,7 @@ ms.author: arjagann
7
7
8
8
ms.service: azure-ai-search
9
9
ms.topic: how-to
10
-
ms.date: 12/23/2024
10
+
ms.date: 01/06/2025
11
11
ms.custom:
12
12
- subject-rbac-steps
13
13
- ignite-2023
@@ -17,21 +17,19 @@ ms.custom:
17
17
18
18
This article explains how to set up an indexer connection to an Azure Cosmos DB database using a managed identity instead of providing credentials in the connection string.'
19
19
20
-
You can use a system-assigned managed identity or a user-assigned managed identity. Managed identities are Microsoft Entra logins and require Azure role assignments to access data in Azure Cosmos DB.
20
+
You can use a system-assigned managed identity or a user-assigned managed identity. Managed identities are Microsoft Entra logins and require Azure role assignments to access data in Azure Cosmos DB. You can optionally [enforce role-based access as the only authentication method](/azure/cosmos-db/how-to-setup-rbac#disable-local-auth) for data connections by setting `disableLocalAuth` to `true` for your Azure Cosmos DB for NoSQL account.
21
21
22
22
## Prerequisites
23
23
24
24
*[Create a managed identity](search-howto-managed-identities-data-sources.md) for your search service.
25
25
26
-
* You can optionally [enforce role-based access as the only authentication method](/azure/cosmos-db/how-to-setup-rbac#disable-local-auth) for data connections by setting `disableLocalAuth` to `true` for your Azure Cosmos DB for NoSQL account.
27
-
28
26
## Supported approaches for managed identity authentication
29
27
30
-
Azure AI Search supports two mechanisms to connect using managed identity.
28
+
Azure AI Search supports two mechanisms to connect to Azure Cosmos DB using managed identity.
31
29
32
-
1. The _legacy_ approach requires configuring the managed identity to have reader permissions on the management plane of the target Azure Cosmos DB account. Azure AI Search utilizes that identity to fetch the account keys of Cosmos DB account in the background to access the data. This approach won't work if the Cosmos DB account has `"disableLocalAuth": true`.
30
+
* The _legacy_ approach requires configuring the managed identity to have reader permissions on the management plane of the target Azure Cosmos DB account. Azure AI Search utilizes that identity to fetch the account keys of Cosmos DB account in the background to access the data. This approach won't work if the Cosmos DB account has `"disableLocalAuth": true`.
33
31
34
-
1. The _modern_ approach requires configuring the managed identity appropriate roles on the management and data plane of the target Azure Cosmos DB account. Azure AI Search will then request an access token to access the data in the Cosmos DB account. This approach works even if the Cosmos DB account has `"disableLocalAuth": true`.
32
+
* The _modern_ approach requires configuring the managed identity appropriate roles on the management and data plane of the target Azure Cosmos DB account. Azure AI Search will then request an access token to access the data in the Cosmos DB account. This approach works even if the Cosmos DB account has `"disableLocalAuth": true`.
35
33
36
34
Indexers that connect to Azure Cosmos DB for NoSQL support both the _legacy_ and the _modern_ approach - the _modern_ approach is highly recommended.
37
35
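Review bot: The sentence moved into the introduction suggests setting `disableLocalAuth` to `true` without saying that the _legacy_ approach, described further down in this same hunk, stops working with that setting. Add a clause such as "this requires the _modern_ approach" or a forward link to the supported-approaches section, so a reader does not disable local auth on an account whose indexer still depends on fetched account keys. Separately, the _modern_ bullet still reads "requires configuring the managed identity appropriate roles"; "assigning the managed identity appropriate roles" would fix the grammar while the line is being touched. The unchanged opening sentence also ends with a stray `'` after "connection string."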
@@ -41,6 +39,8 @@ Indexers that connect to Azure Cosmos DB for NoSQL support both the _legacy_ and
41
39
42
40
## Connect to Azure Cosmos DB for NoSQL
43
41
42
+
This section outlines the steps to configure connecting to Azure Cosmos DB for NoSQL via the _modern_ approach.
43
+
44
44
### Configure control plane role assignments
45
45
46
46
1. Sign in to Azure portal and find your Cosmos DB for NoSQL account.
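Review bot: The added sentence is awkward at "configure connecting"; consider "This section explains how to connect to Azure Cosmos DB for NoSQL using the _modern_ approach." Because the preceding section says NoSQL indexers support both approaches, it would also help to say here that the _legacy_ steps are not covered in this section.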
@@ -142,6 +142,8 @@ POST https://[service name].search.windows.net/datasources?api-version=2024-11-0
142
142
143
143
## Connect to Azure Cosmos DB for Gremlin/MongoDB (preview)
144
144
145
+
This section outlines the steps to configure connecting to Azure Cosmos DB for Gremlin/Mongo via the _legacy_ approach.
146
+
145
147
### Configure control plane role assignments
146
148
147
149
Follow the same steps as before to assign the appropriate roles on the control plane of the Azure Cosmos DB for Gremlin/MongoDB.
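Review bot: The added sentence says Gremlin/MongoDB connections use the _legacy_ approach but does not repeat the constraint stated earlier in the article, that the legacy approach won't work when the account has `"disableLocalAuth": true`. State that constraint here so readers do not carry the optional setting from the introduction over to these accounts. The sentence also writes "Gremlin/Mongo" where the heading and the following paragraph use "Gremlin/MongoDB"; keep the name consistent.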