You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-cache-for-redis/cache-azure-active-directory-for-authentication.md
+30-1Lines changed: 30 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ author: flang-msft
7
7
ms.custom: references_regions
8
8
ms.service: cache
9
9
ms.topic: conceptual
10
-
ms.date: 05/09/2024
10
+
ms.date: 07/17/2024
11
11
ms.author: franlanglois
12
12
13
13
---
@@ -57,6 +57,35 @@ To use the ACL integration, your client application must assume the identity of
57
57
58
58
For information on using Microsoft Entra ID with Azure CLI, see the [references pages for identity](/cli/azure/redis/identity).
59
59
60
+
## Disable access key authentication on your cache
61
+
62
+
Using Microsoft Entra ID is the secure way to connect your cache. We recommend using Microsoft Entra ID and disabling access keys.
63
+
64
+
When you disable access key Authentication for a cache, all existing client connections are terminated, whether they use access keys or Microsoft Entra ID auth-based. You're advised to follow the recommended Redis client best practices to implement proper retry mechanisms for reconnecting MS Entra-based connections, if any.
65
+
66
+
Before you disable access keys:
67
+
68
+
- Before you disable access keys, Microsoft Entra ID authorization must be enabled.
69
+
- Disabling access keys is only available for Basic, Standard, and Premium tier caches.
70
+
- For geo-replicated caches, before you disable accces keys, you must: 1) unlink the caches, 2) disable access keys, and finally, 3) relink the caches.
71
+
72
+
If you have a cache where access keys are used, and you want to disable access keys, follow this procedure.
73
+
74
+
1. In the Azure portal, select the Azure Cache for Redis instance where you'd like to disable access keys.
75
+
76
+
1. Select **Authentication** from the Resource menu.
:::image type="content" source="media/cache-azure-active-directory-for-authentication/cache-disable-access-keys.png" alt-text="Screenshot showing access keys in the working pane with a red box around Disable Access Key Authentication. ":::
83
+
84
+
1. You're asked to confirm that you want to update your configuration. Select **Yes**.
85
+
86
+
> [!IMPORTANT]
87
+
> When the **Disable Access Key Authentication**" setting is changed for a cache, all existing client connections, using access keys or Microsoft Entra ID, are terminated. Follow the best practices to implement proper retry mechanisms for reconnecting MS Entra-based connections. For more information, see [Connection resilience](cache-best-practices-connection.md).
88
+
60
89
## Using data access configuration with your cache
61
90
62
91
If you would like to use a custom access policy instead of Redis Data Owner, go to the **Data Access Configuration** on the Resource menu. For more information, see [Configure a custom data access policy for your application](cache-configure-role-based-access-control.md#configure-a-custom-data-access-policy-for-your-application).
0 commit comments