You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/applied-ai-services/form-recognizer/managed-identities.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,13 +12,13 @@ ms.author: lajanuar
12
12
ms.custom: ignite-fall-2021
13
13
---
14
14
15
-
# Create and use managed identities
15
+
# Managed identities for Form Recognizer
16
16
17
17
Managed identities for Azure resources are service principals that create an Azure Active Directory (Azure AD) identity and specific permissions for Azure managed resources:
18
18
19
-
* You can use managed identities **instead of a shared access signature (SAS) token**to grant access to any resource that supports Azure AD authentication.
19
+
* You can use managed identities to grant access to any resource that supports Azure AD authentication, including your own applications. Unlike security keys and authentication tokens, managed identities eliminate the need for developers to manage credentials.
20
20
21
-
* To grant access, assign a role to a managed identity using [Azure role-based access control (Azure RBAC)](../../role-based-access-control/overview.md).
21
+
* To grant access to an Azure resource, assign an Azure role to a managed identity using [Azure role-based access control (Azure RBAC)](../../../role-based-access-control/overview.md).
22
22
23
23
* There's no added cost to use managed identities in Azure.
24
24
@@ -119,7 +119,7 @@ You need to grant Form Recognizer access to your storage account before it can c
119
119
120
120
:::image type="content" source="media/managed-identities/assigned-roles-window.png" alt-text="Screenshot: Azure role assignments window.":::
121
121
122
-
That's it! You've completed the steps to enable a system-assigned managed identity. With managed identity and Azure RBAC, you granted Form Recognizer specific access rights to documents and files stored in your storage resource without having to manage credentials, such as SAS tokens.
122
+
That's it! You've completed the steps to enable a system-assigned managed identity. With managed identity and Azure RBAC, you granted Form Recognizer specific access rights to your storage resource without having to manage credentials such as SAS tokens.
Copy file name to clipboardExpand all lines: articles/cognitive-services/Translator/document-translation/managed-identity.md
+13-5Lines changed: 13 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: Create and use managed identities
2
+
title: Create and use managed identities for Document Translation
3
3
titleSuffix: Azure Cognitive Services
4
4
description: Understand how to create and use managed identities in the Azure portal
5
5
author: laujan
@@ -11,15 +11,17 @@ ms.date: 02/22/2022
11
11
ms.author: lajanuar
12
12
---
13
13
14
-
# Create and use managed identities
14
+
# Managed identities for Document Translation
15
15
16
16
> [!IMPORTANT]
17
17
>
18
18
> Managed identities for Azure resources are currently unavailable for Document Translation service in the global region. If you intend to use managed identities for Document Translation operations, [create your Translator resource](https://portal.azure.com/#create/Microsoft.CognitiveServicesTextTranslation) in a non-global Azure region.
19
19
20
20
Managed identities for Azure resources are service principals that create an Azure Active Directory (Azure AD) identity and specific permissions for Azure managed resources:
21
21
22
-
* You can use managed identities **instead of a shared access signature (SAS) token** to grant access to any resource that supports Azure AD authentication, including your own applications. To grant access, assign a role to a managed identity using [Azure role-based access control (Azure RBAC)](../../../role-based-access-control/overview.md).
22
+
* You can use managed identities to grant access to any resource that supports Azure AD authentication, including your own applications. Unlike security keys and authentication tokens, managed identities eliminate the need for developers to manage credentials.
23
+
24
+
* To grant access to an Azure resource, assign an Azure role to a managed identity using [Azure role-based access control (Azure RBAC)](../../../role-based-access-control/overview.md).
23
25
24
26
* There's no added cost to use managed identities in Azure.
25
27
@@ -52,7 +54,11 @@ To get started, you'll need:
52
54
53
55
## Managed identity assignments
54
56
55
-
There are two types of managed identities: **system-assigned** and **user-assigned**. Currently, Document Translation is supported by system-assigned managed identities. A system-assigned managed identity is **enabled** directly on a service instance. It isn't enabled by default; you must go to your resource and update the identity setting. The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity will be deleted as well.
57
+
There are two types of managed identities: **system-assigned** and **user-assigned**. Currently, Document Translation is supports system-assigned managed identities:
58
+
59
+
* A system-assigned managed identity is **enabled** directly on a service instance. It isn't enabled by default; you must go to your resource and update the identity setting.
60
+
61
+
* The system-assigned managed identity is tied to your resource throughout its lifecycle. If you delete your resource, the managed identity will be deleted as well.
56
62
57
63
In the following steps, we'll enable a system-assigned managed identity and grant your Translator resource limited access to your Azure blob storage account.
58
64
@@ -74,7 +80,9 @@ In the following steps, we'll enable a system-assigned managed identity and gran
74
80
75
81
## Grant access to your storage account
76
82
77
-
You need to grant Translator access to your storage account before it can create, read, or delete blobs. Now that you enabled Translator with a system-assigned managed identity, you can use Azure role-based access control (Azure RBAC), to give a managed identity (Translator) access to another resource (Azure storage), just like any security principal. The **Storage Blob Data Contributor** role gives Translator (represented by the system-assigned managed identity) read, write, and delete access to the blob container and data.
83
+
You need to grant Translator access to your storage account before it can create, read, or delete blobs. Now that you enabled Translator with a system-assigned managed identity, you can use Azure role-based access control (Azure RBAC), to give Translator access to Azure storage.
84
+
85
+
The **Storage Blob Data Contributor** role gives Translator (represented by the system-assigned managed identity) read, write, and delete access to the blob container and data.
78
86
79
87
1. Under **Permissions** select **Azure role assignments**:
0 commit comments