articles/redis/entra-for-authentication.md
19 additions & 9 deletions
@@ -18,7 +18,7 @@ Azure Managed Redis offers two methods to [authenticate](configure.md#authentica
18
18
19
19
Although access key authentication is simple, it comes with a set of challenges around security and password management. For contrast, in this article, you learn how to use a Microsoft Entra token for cache authentication.
20
20
21
-
Azure Managed Redis offers a password-free authentication mechanism by integrating with [Microsoft Entra](/azure/active-directory/fundamentals/active-directory-whatis). The Entra ID configured to connect with Azure Managed Redis is assigned the same permissions as with using Access Keys.
21
+
Azure Managed Redis offers a password-free authentication mechanism by integrating with [Microsoft Entra](/azure/active-directory/fundamentals/active-directory-whatis). The Entra ID configured to connect with Azure Managed Redis is assigned the same permissions as when using Access Keys.
22
22
23
23
In this article, you learn how to use your service principal or managed identity to connect to your Redis instance.
24
24
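Review bot: On new line 21, "The Entra ID configured to connect" still reads as the product name rather than an identity, and "Access Keys" is capitalized although line 19 writes "access key authentication" in lowercase. Line 23 already names the identities as "service principal or managed identity", so consider "The Microsoft Entra identity configured to connect with Azure Managed Redis is assigned the same permissions as when using access keys." As written, the sentence also implies that any added identity gets the same access as a key holder; if that is intended, say so explicitly so readers do not assume finer-grained scoping.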
@@ -39,36 +39,46 @@ When you disable access key authentication for a Redis instance, all existing cl
39
39
Before you disable access keys:
40
40
41
41
- Microsoft Entra authentication must be enabled.
42
-
- For geo-replicated caches, you must:
43
42
43
+
- For geo-replicated caches, you must:
44
44
1. Unlink the caches.
45
45
1. Disable access keys.
46
46
1. Relink the caches.
47
47
48
-
If you have a cache where you use access keys, and you want to disable access keys, follow this procedure:
48
+
If you have a cache where you want to disable access keys, follow this procedure:
49
49
50
50
1. In the Azure portal, select the Azure Managed Redis instance where you want to disable access keys.
51
51
52
52
1. On the **Resource** menu, select **Authentication**.
53
53
54
54
1. On the working pane, select **Access keys**.
55
55
56
-
1. Configure **Access Keys Authentication** to be disabled.
57
-
58
-
<!-- :::image type="content" source="media/entra-for-authentication/managed-redis-disable-access-keys.png" alt-text="Screenshot showing access keys in the working pane with the Disable Access Keys Authentication checkbox. "::: -->
56
+
1. Select the **Access Keys Authentication** control to disable access keys.
59
57
60
58
1. Confirm that you want to update your configuration by selecting **Yes**.
61
59
62
-
> [!IMPORTANT]
63
-
> When the **Disable Access Keys Authentication** setting is changed for a cache, all existing client connections, using access keys or Microsoft Entra, are terminated. Follow the best practices to implement proper retry mechanisms for reconnecting Microsoft Entra-based connections. For more information, see [Connection resilience](best-practices-connection.md).
60
+
> [!IMPORTANT]
61
+
> When the **Disable Access Keys Authentication** setting is changed for a cache, all existing client connections, using access keys or Microsoft Entra, are terminated. Follow the best practices to implement proper retry mechanisms for reconnecting Microsoft Entra-based connections. For more information, see [Connection resilience](best-practices-connection.md).
64
62
65
63
## Configure your Redis client to use Microsoft Entra
66
64
67
65
Because most Azure Managed Redis clients assume that a password and access key are used for authentication, you likely need to update your client workflow to support authentication by using Microsoft Entra. In this section, you learn how to configure your client applications to connect to Azure Managed Redis by using a Microsoft Entra token.
68
66
67
+
### Add users or System principal to your cache
68
+
69
+
1. Connect to your cache in the Azure portal
70
+
71
+
1. On the Resource menu, select **Authentication**.
72
+
73
+
1. On the **Microsoft Entra Authentication** tab, select **User or service principal** and then **+ Select member**.
74
+
75
+
1. Type the name of the user who you want to run the program. Select the user to add in the list and **Select**. The user is added to the list of Redis users.
76
+
77
+
:::image type="content" source="media/entra-for-authentication/redis-add-user.png" alt-text="Screenshot of the authentication tab in a Redis cache on the Azure portal.":::
78
+
69
79
### Microsoft Entra client workflow
70
80
71
-
1. Configure your client application to acquire a Microsoft Entra token for scope, `https://redis.azure.com/.default` or `acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default`, by using the [Microsoft Authentication Library (MSAL)](/azure/active-directory/develop/msal-overview).
81
+
1. Configure your client application to acquire a Microsoft Entra token for scope, `https://redis.azure.com/.default`, or `acca5fbb-b7e4-4009-81f1-37e38fd66d78/.default`, by using the [Microsoft Authentication Library (MSAL)](/azure/active-directory/develop/msal-overview).
72
82
73
83
1. Update your Redis connection logic to use the following `User` and `Password`:
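Review bot: The new heading at line 67, "Add users or System principal to your cache", says "System principal" while step 3 of the same section and line 23 of the article say "service principal"; this looks like a typo and should read something like "Add a user or service principal to your cache". In the same section, step 1 (line 69) is missing its closing period, step 2 leaves "Resource" unbolded where the earlier procedure uses **Resource**, and step 4 only covers adding a user and refers to "the program", which nothing earlier defines. Because the IMPORTANT note states that changing the setting terminates all existing client connections, consider adding a bullet to the "Before you disable access keys" list that points to this new section, so identities are added before keys are turned off. The rewritten step at line 56 names the control **Access Keys Authentication** while the note at line 61 still calls it **Disable Access Keys Authentication**; pick one name and use it in both places.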