ServicePrincipalAuthentication Class
Manages authentication using a service principle instead of a user identity.
Service Principal authentication is suitable for automated workflows like for CI/CD scenarios. This type of authentication decouples the authentication process from any specific user login, and allows for managed access control.
Class ServicePrincipalAuthentication constructor.
- Inheritance
-
ServicePrincipalAuthentication
Constructor
ServicePrincipalAuthentication(tenant_id, service_principal_id, service_principal_password, cloud='AzureCloud', _enable_caching=True)Parameters
| Name | Description |
|---|---|
|
tenant_id
Required
|
The active directory tenant that the service identity belongs to. |
|
service_principal_id
Required
|
The service principal ID. |
|
service_principal_password
Required
|
The service principal password/key. |
|
cloud
|
The name of the target cloud. Can be one of "AzureCloud", "AzureChinaCloud", or "AzureUSGovernment". If no cloud is specified, "AzureCloud" is used. Default value: AzureCloud
|
|
tenant_id
Required
|
The active directory tenant that the service identity belongs to. |
|
service_principal_id
Required
|
The service principal id. |
|
service_principal_password
Required
|
The service principal password/key. |
|
cloud
Required
|
The name of the target cloud. Can be one of "AzureCloud", "AzureChinaCloud", or "AzureUSGovernment". If no cloud is specified, "AzureCloud" is used. |
|
_enable_caching
|
Default value: True
|
Remarks
Service principal authentication involves creating an App Registration in Azure Active Directory. First, you generate a client secret, and then you grant your service principal role access to your machine learning workspace. Then, you use the ServicePrincipalAuthentication class to manage your authentication flow.
import os
from azureml.core.authentication import ServicePrincipalAuthentication
svc_pr_password = os.environ.get("AZUREML_PASSWORD")
svc_pr = ServicePrincipalAuthentication(
tenant_id="my-tenant-id",
service_principal_id="my-application-id",
service_principal_password=svc_pr_password)
ws = Workspace(
subscription_id="my-subscription-id",
resource_group="my-ml-rg",
workspace_name="my-ml-workspace",
auth=svc_pr
)
print("Found workspace {} at location {}".format(ws.name, ws.location))
Full sample is available from https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb
To learn about creating a service principal and allowing the service principal to access a machine learning workspace, see Set up service principal authentication.