Merge pull request #295404 from maud-lv/patch-65

prmerger-automator[bot] · web-flow · commit 566467470100 · 2025-03-24T09:12:34.000Z
Add information about managed identity
diff --git a/articles/service-connector/how-to-integrate-cosmos-cassandra.md b/articles/service-connector/how-to-integrate-cosmos-cassandra.md
@@ -5,7 +5,7 @@ author: maud-lv
 ms.author: malev
 ms.service: service-connector
 ms.topic: how-to
-ms.date: 02/02/2024
+ms.date: 03/14/2025
 ---
 
 # Integrate Azure Cosmos DB for Cassandra with Service Connector
@@ -38,11 +38,14 @@ The table below shows which combinations of client types and authentication meth
 
 This table indicates that all combinations of client types and authentication methods in the table are supported, except for the Java - Spring Boot client type, which only supports the Secret / connection string method. All other client types can use any of the authentication methods to connect to Azure Cosmos DB for Apache Cassandra using Service Connector.
 
-## Default environment variable names or application properties and Sample code
+> [!NOTE]
+> Cosmos DB does not natively support authentication via managed identity. Therefore, Service Connector uses the managed identity to retrieve the connection string, and the connection is subsequently established using that connection string.
+
+## Default environment variable names or application properties and sample code
 
 Reference the connection details and sample code in the following tables, according to your connection's authentication type and client type, to connect your compute services to Azure Cosmos DB for Apache Cassandra. For more information about naming conventions, check the [Service Connector internals](concept-service-connector-internals.md#configuration-naming-convention) article.
 
-### System-assigned Managed Identity
+### System-assigned managed identity
 
 | Default environment variable name | Description                                        | Example value                                                                                                                                                                                                   |
 | --------------------------------- | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -57,9 +60,12 @@ Reference the connection details and sample code in the following tables, accord
 #### Sample code
 
 Refer to the steps and code below to connect to Azure Cosmos DB for Cassandra using a system-assigned managed identity.
+
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
+
 [!INCLUDE [code sample for cassandra](./includes/code-cosmoscassandra-me-id.md)]
 
-### User-assigned Managed Identity
+### User-assigned managed identity
 
 | Default environment variable name | Description                                        | Example value                                                                                                                                                                                                   |
 | --------------------------------- | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
@@ -75,14 +81,17 @@ Refer to the steps and code below to connect to Azure Cosmos DB for Cassandra us
 #### Sample code
 
 Refer to the steps and code below to connect to Azure Cosmos DB for Cassandra using a user-assigned managed identity.
+
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
+
 [!INCLUDE [code sample for cassandra](./includes/code-cosmoscassandra-me-id.md)]
 
-### Connection String
+### Connection string
 
 > [!WARNING]
 > Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
 
-#### SpringBoot client type
+#### Spring Boot client type
 
 | Default environment variable name      | Description                                        | Example value                                            |
 | -------------------------------------- | -------------------------------------------------- | -------------------------------------------------------- |
diff --git a/articles/service-connector/how-to-integrate-cosmos-db.md b/articles/service-connector/how-to-integrate-cosmos-db.md
@@ -5,7 +5,7 @@ author: maud-lv
 ms.author: malev
 ms.service: service-connector
 ms.topic: how-to
-ms.date: 02/02/2024
+ms.date: 03/14/2025
 ---
 
 # Integrate Azure Cosmos DB for MongoDB with Service Connector
@@ -38,6 +38,9 @@ The table below shows which combinations of client types and authentication meth
 
 This table indicates that all combinations of client types and authentication methods in the table are supported, except for the Java - Spring Boot client type, which only supports the Secret / connection string method. All other client types can use any of the authentication methods to connect to Azure Cosmos DB for MongoDB using Service Connector.
 
+> [!NOTE]
+> Cosmos DB does not natively support authentication via managed identity. Therefore, Service Connector uses the managed identity to retrieve the connection string, and the connection is subsequently established using that connection string.
+
 ## Default environment variable names or application properties and sample code
 
 Use the connection details below to connect compute services to Azure Cosmos DB. This page also shows default environment variable names and values (or Spring Boot configuration) you get when you create the service connection, as well as sample code. For each example below, replace the placeholder texts `<mongo-db-admin-user>`, `<password>`, `<Azure-Cosmos-DB-API-for-MongoDB-account>`, `<subscription-ID>`, `<resource-group-name>`, `<client-secret>`, and `<tenant-id>` with your own information. For more information about naming conventions, check the [Service Connector internals](concept-service-connector-internals.md#configuration-naming-convention) article.
@@ -53,6 +56,8 @@ Use the connection details below to connect compute services to Azure Cosmos DB.
 #### Sample code
 
 Refer to the steps and code below to connect to Azure Cosmos DB for MongoDB using a system-assigned managed identity.
+
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
 [!INCLUDE [code sample for mongo](./includes/code-cosmosmongo-me-id.md)]
 
 ### User-assigned managed identity
@@ -67,14 +72,16 @@ Refer to the steps and code below to connect to Azure Cosmos DB for MongoDB usin
 #### Sample code
 
 Refer to the steps and code below to connect to Azure Cosmos DB for MongoDB using a user-assigned managed identity.
+
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
 [!INCLUDE [code sample for mongo](./includes/code-cosmosmongo-me-id.md)]
 
 ### Connection string
 
 > [!WARNING]
 > Microsoft recommends that you use the most secure authentication flow available. The authentication flow described in this procedure requires a very high degree of trust in the application, and carries risks that are not present in other flows. You should only use this flow when other more secure flows, such as managed identities, aren't viable.
 
-#### SpringBoot client type
+#### Spring Boot client type
 
 | Default environment variable name | Description       | Example value                                                                                                                                                                                |
 |-----------------------------------|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
diff --git a/articles/service-connector/how-to-integrate-cosmos-gremlin.md b/articles/service-connector/how-to-integrate-cosmos-gremlin.md
@@ -5,7 +5,7 @@ author: maud-lv
 ms.author: malev
 ms.service: service-connector
 ms.topic: how-to
-ms.date: 02/02/2024
+ms.date: 03/14/2025
 ---
 
 # Integrate the Azure Cosmos DB for Gremlin with Service Connector
@@ -38,6 +38,9 @@ The table below shows which combinations of client types and authentication meth
 
 This table indicates that all combinations of client types and authentication methods in the table are supported. All client types can use any of the authentication methods to connect to Azure Cosmos DB for Apache Gremlin using Service Connector.
 
+> [!NOTE]
+> Cosmos DB does not natively support authentication via managed identity. Therefore, Service Connector uses the managed identity to retrieve the connection string, and the connection is subsequently established using that connection string.
+
 ## Default environment variable names or application properties and sample code
 
 Use the connection details below to connect your compute services to Azure Cosmos DB for Apache Gremlin. For each example below, replace the placeholder texts `<Azure-Cosmos-DB-account>`, `<database>`, `<collection or graphs>`, `<username>`, `<password>`, `<resource-group-name>`, `<subscription-ID>`, `<client-ID>`,`<client-secret>`, and `<tenant-id>` with your own information. For more information about naming conventions, check the [Service Connector internals](concept-service-connector-internals.md#configuration-naming-convention) article.
@@ -57,6 +60,9 @@ Use the connection details below to connect your compute services to Azure Cosmo
 #### Sample code
 
 Refer to the steps and code below to connect to Azure Cosmos DB for Gremlin using a system-assigned managed identity.
+
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
+
 [!INCLUDE [code sample for gremlin](./includes/code-cosmosgremlin-me-id.md)]
 
 ### User-assigned managed identity
@@ -70,9 +76,13 @@ Refer to the steps and code below to connect to Azure Cosmos DB for Gremlin usin
 | AZURE_COSMOS_PORT                 | Connection port                               | 443                                                                                                                                                                                                   |
 | AZURE_COSMOS_USERNAME             | Your username                                 | `/dbs/<database>/colls/<collection or graphs>`                                                                                                                                                        |
 | AZURE_CLIENTID                    | Your client ID                                | `<client_ID>`                                                                                                                                                                                         |
+
 #### Sample code
 
 Refer to the steps and code below to connect to Azure Cosmos DB for Gremlin using a user-assigned managed identity.
+
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
+
 [!INCLUDE [code sample for gremlin](./includes/code-cosmosgremlin-me-id.md)]
 
 ### Connection string
diff --git a/articles/service-connector/how-to-integrate-cosmos-sql.md b/articles/service-connector/how-to-integrate-cosmos-sql.md
@@ -5,7 +5,7 @@ author: maud-lv
 ms.author: malev
 ms.service: service-connector
 ms.topic: how-to
-ms.date: 02/02/2024
+ms.date: 03/14/2025
 ---
 
 # Integrate the Azure Cosmos DB for NoSQL with Service Connector
@@ -38,13 +38,18 @@ The table below shows which combinations of client types and authentication meth
 
 This table indicates that all combinations of client types and authentication methods in the table are supported. All client types can use any of the authentication methods to connect to Azure Cosmos DB for NoSQL using Service Connector.
 
-## Default environment variable names or application properties and Sample code
+> [!NOTE]
+> Cosmos DB does not natively support authentication via managed identity. Therefore, Service Connector uses the managed identity to retrieve the connection string, and the connection is subsequently established using that connection string.
+
+## Default environment variable names or application properties and sample code
 
 Use the connection details below to connect your compute services to the Azure Cosmos DB for NoSQL. For each example below, replace the placeholder texts `<database-server>`, `<database-name>`,`<account-key>`, `<resource-group-name>`, `<subscription-ID>`, `<client-ID>`, `<SQL-server>`, `<client-secret>`, `<tenant-id>`, and `<access-key>` with your own information. For more information about naming conventions, check the [Service Connector internals](concept-service-connector-internals.md#configuration-naming-convention) article.
 
 ### System-assigned managed identity
 
-#### SpringBoot client type
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
+
+#### Spring Boot client type
 
 Using a system-assigned managed identity as the authentication type is only available for Spring Cloud Azure version 4.0 or higher.
 
@@ -69,6 +74,8 @@ Refer to the steps and code below to connect to Azure Cosmos DB for NoSQL using
 
 ### User-assigned managed identity
 
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
+
 #### SpringBoot client type
 
 Using a user-assigned managed identity as the authentication type is only available for Spring Cloud Azure version 4.0 or higher.
diff --git a/articles/service-connector/how-to-integrate-cosmos-table.md b/articles/service-connector/how-to-integrate-cosmos-table.md
@@ -5,7 +5,7 @@ author: maud-lv
 ms.author: malev
 ms.service: service-connector
 ms.topic: how-to
-ms.date: 02/02/2024
+ms.date: 03/14/2025
 ---
 
 # Integrate the Azure Cosmos DB for Table with Service Connector
@@ -37,6 +37,9 @@ The table below shows which combinations of client types and authentication meth
 
 This table indicates that all combinations of client types and authentication methods in the table are supported. All client types can use any of the authentication methods to connect to Azure Cosmos DB for Table using Service Connector.
 
+> [!NOTE]
+> Cosmos DB does not natively support authentication via managed identity. Therefore, Service Connector uses the managed identity to retrieve the connection string, and the connection is subsequently established using that connection string.
+
 ## Default environment variable names or application properties and sample code
 
 Use the connection details below to connect your compute services to Azure Cosmos DB for Table. For each example below, replace the placeholder texts `<account-name>`, `<table-name>`, `<account-key>`, `<resource-group-name>`, `<subscription-ID>`, `<client-ID>`, `<client-secret>`, `<tenant-id>` with your own information. For more information about naming conventions, check the [Service Connector internals](concept-service-connector-internals.md#configuration-naming-convention) article.
@@ -66,6 +69,9 @@ Refer to the steps and code below to connect to Azure Cosmos DB for Table using
 #### Sample code
 
 Refer to the steps and code below to connect to Azure Cosmos DB for Table using a user-assigned managed identity.
+
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
+
 [!INCLUDE [code sample for cosmos table](./includes/code-cosmostable-me-id.md)]
 
 #### Connection string
@@ -80,6 +86,9 @@ Refer to the steps and code below to connect to Azure Cosmos DB for Table using
 #### Sample code
 
 Refer to the steps and code below to connect to Azure Cosmos DB for Table using a connection string.
+
+Since Cosmos DB doesn't natively support authentication via managed identity, in the following code sample, we use the managed identity to retrieve the connection string, and the connection is then established using that connection string.
+
 [!INCLUDE [code sample for cosmos table](./includes/code-cosmostable-secret.md)]
 
 #### Service principal
