ServicePrincipalAuthentication Class

Manages authentication using a service principle instead of a user identity.

Service Principal authentication is suitable for automated workflows like for CI/CD scenarios. This type of authentication decouples the authentication process from any specific user login, and allows for managed access control.

Class ServicePrincipalAuthentication constructor.

Inheritance
ServicePrincipalAuthentication

Constructor

ServicePrincipalAuthentication(tenant_id, service_principal_id, service_principal_password, cloud='AzureCloud', _enable_caching=True)

Parameters

Name Description
tenant_id
Required
str

The active directory tenant that the service identity belongs to.

service_principal_id
Required
str

The service principal ID.

service_principal_password
Required
str

The service principal password/key.

cloud
str

The name of the target cloud. Can be one of "AzureCloud", "AzureChinaCloud", or "AzureUSGovernment". If no cloud is specified, "AzureCloud" is used.

Default value: AzureCloud
tenant_id
Required
str

The active directory tenant that the service identity belongs to.

service_principal_id
Required
str

The service principal id.

service_principal_password
Required
str

The service principal password/key.

cloud
Required
str

The name of the target cloud. Can be one of "AzureCloud", "AzureChinaCloud", or "AzureUSGovernment". If no cloud is specified, "AzureCloud" is used.

_enable_caching
Default value: True

Remarks

Service principal authentication involves creating an App Registration in Azure Active Directory. First, you generate a client secret, and then you grant your service principal role access to your machine learning workspace. Then, you use the ServicePrincipalAuthentication class to manage your authentication flow.


   import os
   from azureml.core.authentication import ServicePrincipalAuthentication

   svc_pr_password = os.environ.get("AZUREML_PASSWORD")

   svc_pr = ServicePrincipalAuthentication(
       tenant_id="my-tenant-id",
       service_principal_id="my-application-id",
       service_principal_password=svc_pr_password)


   ws = Workspace(
       subscription_id="my-subscription-id",
       resource_group="my-ml-rg",
       workspace_name="my-ml-workspace",
       auth=svc_pr
       )

   print("Found workspace {} at location {}".format(ws.name, ws.location))

Full sample is available from https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb

To learn about creating a service principal and allowing the service principal to access a machine learning workspace, see Set up service principal authentication.