You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/how-to-identity-based-service-authentication.md
+12-1Lines changed: 12 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -33,6 +33,18 @@ Azure Machine Learning is composed of multiple Azure services. There are multipl
33
33
34
34
* You must be familiar with creating and working with [Managed Identities](../active-directory/managed-identities-azure-resources/overview.md).
35
35
36
+
## Workspace identity types
37
+
38
+
The Azure Machine Learning workspace uses a __managed identity__ to communicate with other services. Multiple identity types are supported for Azure Machine Learning.
39
+
40
+
| Managed identity type | Role assignment creation | Purpose |
41
+
| ---- | :----: | :----: |
42
+
| System-assigned (SAI) | Managed by Microsoft | Lifecycle tied to resource; single resource use; simple to get started |
43
+
| System-assigned+user-assigned (SAI+UAI) |[Managed by you](#user-assigned-managed-identity)| Independent lifecycle for user-assigned identity, multi-resource use, controls least privileged access. Access data in training jobs. |
44
+
45
+
Once a workspace is created with SAI identity type, it can be updated to SAI+UAI, but not back from SAI+UAI to SAI. You may assign multiple user-assigned identities to the same workspace.
46
+
47
+
36
48
## Azure Container Registry and identity types
37
49
38
50
This table lists the support matrix when authenticating to __Azure Container Registry__, depending on the authentication method and the __Azure Container Registry's__[public network access configuration](/azure/container-registry/container-registry-access-selected-networks).
@@ -165,7 +177,6 @@ Not supported currently.
165
177
> [!TIP]
166
178
> To add a new UAI, you can specify the new UAI ID under the section user_assigned_identities in addition to the existing UAIs, it's required to pass all the existing UAI IDs.<br>
167
179
To delete one or more existing UAIs, you can put the UAI IDs which needs to be preserved under the section user_assigned_identities, the rest UAI IDs would be deleted.<br>
168
-
To update identity type from SAI to UAI|SAI, you can change type from "user_assigned" to "system_assigned, user_assigned".
169
180
170
181
### Add a user-assigned managed identity to a workspace in addition to a system-assigned identity
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments