|
| 1 | +--- |
| 2 | +title: Manage authentication in Service Connector |
| 3 | +description: Learn how to select and manage authentication parameters in Service Connector. |
| 4 | +author: maud-lv |
| 5 | +ms.service: service-connector |
| 6 | +ms.topic: how-to |
| 7 | +ms.date: 03/07/2023 |
| 8 | +ms.author: malev |
| 9 | +--- |
| 10 | + |
| 11 | +# Manage authentication within Service Connector |
| 12 | + |
| 13 | +In this guide, learn about the different authentication options available in Service Connector, and how to customize environment variables. |
| 14 | + |
| 15 | +## Prerequisites |
| 16 | + |
| 17 | +- An Azure subscription - [create one for free](https://azure.microsoft.com/free). |
| 18 | +- An Azure App Service, Azure Container Apps or Azure Spring Apps instance. |
| 19 | +- This guide assumes that you already know how the basics of connecting services using Service Connector. To review our quickstarts, go to [App Service](quickstart-portal-app-service-connection.md), [Container Apps](quickstart-portal-container-apps.md) or [Azure Spring Apps](quickstart-portal-spring-cloud-connection.md). |
| 20 | + |
| 21 | +## Start creating a new connection |
| 22 | + |
| 23 | +1. Within your App Service, Container Apps or Azure Spring Apps instance, open Service Connector and fill out the form in the **Basics** tab with the required information about your compute and target services. |
| 24 | +1. Select **Next : Authentication**. |
| 25 | + |
| 26 | +## Select an authentication option |
| 27 | + |
| 28 | +Select one of the four different authentication options offered by Service Connector to connect your Azure services together: |
| 29 | + |
| 30 | +- **System assigned managed identity**: provides an automatically managed identity tied to the resource in Azure Active Directory (Azure AD) |
| 31 | +- **User assigned managed identity**: provides an identity that can be used on multiple resources |
| 32 | +- **Connection string**: provides one or multiple key-value pairs with secrets or tokens |
| 33 | +- **Service principal**: creates a service principal that defines the access policy and permissions for the user/application in the Azure AD tenant |
| 34 | + |
| 35 | +Service Connector offers the following authentication options: |
| 36 | + |
| 37 | +| Target resource | System assigned managed identity | User assigned managed identity | Connection string | Service principal | |
| 38 | +|----------------------------------|--------------------------------------|--------------------------------------|--------------------------------------|--------------------------------------| |
| 39 | +| App Configuration |  |  |  |  | |
| 40 | +| Azure SQL |  | |  | | |
| 41 | +| Azure Cache for Redis | | |  | | |
| 42 | +| Azure Cache for Redis Enterprise | | |  | | |
| 43 | +| Azure Cosmos DB - Cassandra |  |  |  |  | |
| 44 | +| Azure Cosmos - Gremlin |  |  |  |  | |
| 45 | +| Azure Cosmos DB for MongoDB |  |  |  |  | |
| 46 | +| Azure Cosmos Table |  |  |  |  | |
| 47 | +| Azure Cosmos - SQL |  |  |  |  | |
| 48 | +| Blob Storage |  |  |  |  | |
| 49 | +| Confluent Cloud | | |  | | |
| 50 | +| Event Hubs |  |  |  |  | |
| 51 | +| Keyvault |  |  | |  | |
| 52 | +| MySQL single server |  | | | | |
| 53 | +| MySQL flexible server |  | |  | | |
| 54 | +| Postgres single server |  | |  | | |
| 55 | +| Postgres, flexible server |  | |  | | |
| 56 | +| Storage Queue |  |  |  |  | |
| 57 | +| Storage File | | |  | | |
| 58 | +| Storage Table | | |  | | |
| 59 | +| Service Bus |  |  |  |  | |
| 60 | +| SignalR |  |  |  |  | |
| 61 | +| WebPub Sub |  |  |  |  | |
| 62 | + |
| 63 | +## Review or update authentication configuration |
| 64 | + |
| 65 | +## [System assigned managed identity](#tab/managed-identity) |
| 66 | + |
| 67 | +When using a system-assigned managed identity, optionally review or update its authentication configuration by following these steps: |
| 68 | + |
| 69 | +1. Select **Advanced** to display more options. |
| 70 | +1. Under **Role**, review the default role selected for your source service or choose another one from the list. |
| 71 | +1. Under **Configuration information**, Service Connector lists a series of configuration settings that will be generated when you create the connection. This list consists of environment variables or application properties. It varies depending on the target resource and authentication method selected. Optionally select the edit button in front of each configuration setting to edit its key. |
| 72 | +1. Select **Done** to confirm. |
| 73 | + |
| 74 | + :::image type="content" source="./media/manage-authentication/managed-identity-advanced.png" alt-text="Screenshot of the Azure portal, showing advanced authentication configuration for a system-assigned managed identity."::: |
| 75 | + |
| 76 | +## [User assigned managed identity](#tab/user-assigned-identity) |
| 77 | + |
| 78 | +When using a user-assigned managed identity, review or edit its authentication settings by following these steps: |
| 79 | + |
| 80 | +1. Under **Subscription**, select the Azure subscription that contains your user-assigned managed identity. |
| 81 | +1. Under **User assigned managed identity**, select the managed identity you want to use. |
| 82 | + |
| 83 | + :::image type="content" source="./media/manage-authentication/user-assigned-identity-basic.png" alt-text="Screenshot of the Azure portal, showing basic authentication configuration for a user-assigned managed identity."::: |
| 84 | + |
| 85 | +1. Optionally select **Advanced** to display more options. |
| 86 | + 1. Under **Role**, review the default role selected for your source service or choose another one from the list. |
| 87 | + 1. Under **Configuration information**, Service Connector lists a series of configuration settings that will be generated when you create the connection. This list consists of environment variables or application properties and varies depending on the target resource and authentication method selected. Optionally select the edit button in front of each configuration setting to edit its key. |
| 88 | + 1. Select **Done** to confirm. |
| 89 | + |
| 90 | + :::image type="content" source="./media/manage-authentication/user-assigned-identity-advanced.png" alt-text="Screenshot of the Azure portal, showing advanced authentication configuration for a user-assigned managed identity."::: |
| 91 | + |
| 92 | +## [Connection string](#tab/connection-string) |
| 93 | + |
| 94 | +When using a connection string, review or edit its authentication settings by following these steps: |
| 95 | + |
| 96 | +1. Optionally select **Store Secret in Key Vault** to save your connection credentials in Azure Key Vault. This option lets you select an existing Key Vault connection from a drop-down list or create a new connection to a new or an existing Key Vault. |
| 97 | + |
| 98 | + :::image type="content" source="./media/manage-authentication/connection-string-basic-with-key-vault.png" alt-text="Screenshot of the Azure portal, showing basic authentication configuration to authenticate with a connection-string."::: |
| 99 | + |
| 100 | +1. Optionally select **Advanced** to display more options. |
| 101 | + 1. Under **Configuration information**, Service Connector lists a series of configuration settings that will be generated when you create the connection. This list consists of environment variables or application properties and varies depending on the target resource and authentication method selected. Optionally select the edit button in front of each configuration setting to edit its key. |
| 102 | + 1. Select **Done** to confirm. |
| 103 | + |
| 104 | + :::image type="content" source="./media/manage-authentication/connection-string-advanced.png" alt-text="Screenshot of the Azure portal, showing advanced authentication configuration to authenticate with a connection-string."::: |
| 105 | + |
| 106 | +## [Service principal](#tab/service-principal) |
| 107 | + |
| 108 | +When connecting Azure services using a service principal, review or edit authentication settings by following these steps: |
| 109 | + |
| 110 | +1. Choose a service principal by entering an object ID or name and selecting your service principal. |
| 111 | +1. Under **Secret**, enter the secret of the service principal. |
| 112 | +1. Optionally select **Store Secret in Key Vault** to save your connection credentials in Azure Key Vault. This option lets you select an existing Key Vault connection from a drop-down list or create a new connection to a new or an existing Key Vault. |
| 113 | + |
| 114 | + :::image type="content" source="./media/manage-authentication/service-principal-basic-with-key-vault.png" alt-text="Screenshot of the Azure portal, showing basic authentication configuration to authenticate with a service principal."::: |
| 115 | + |
| 116 | +1. Optionally select **Advanced** to display more options. |
| 117 | + 1. Under **Configuration information**, Service Connector lists a series of configuration settings that will be generated when you create the connection. This list consists of environment variables or application properties and varies depending on the target resource and authentication method selected. Optionally select the edit button in front of each configuration setting to edit its key. |
| 118 | + 1. Select **Done** to confirm. |
| 119 | + |
| 120 | + :::image type="content" source="./media/manage-authentication/service-principal-advanced.png" alt-text="Screenshot of the Azure portal, showing advanced authentication configuration to authenticate with a service principal."::: |
| 121 | + |
| 122 | +1. Select **Review + Create** and then **Create** to finalize the creation of the connection. |
| 123 | + |
| 124 | +--- |
| 125 | + |
| 126 | +## Check authentication configuration |
| 127 | + |
| 128 | +You can review authentication configuration on the following pages in the Azure portal: |
| 129 | + |
| 130 | +- When creating the connection, select the **Review + Create** tab and check the information listed under **Authentication**. |
| 131 | + |
| 132 | + :::image type="content" source="./media/manage-authentication/review-authentication.png" alt-text="Screenshot of the Azure portal, showing a summary of connection authentication configuration."::: |
| 133 | + |
| 134 | +- After you've created the connection, in the **Service connector** page, configuration keys are listed. |
| 135 | + :::image type="content" source="./media/manage-authentication/review-keys-after-creation.png" alt-text="Screenshot of the Azure portal, showing a summary of authentication configuration keys."::: |
| 136 | + |
| 137 | + |
| 138 | +## Next steps |
| 139 | + |
| 140 | +> [!div class="nextstepaction"] |
| 141 | +> [Service Connector internals](./concept-service-connector-internals.md) |
0 commit comments