Muokkaa

Jaa


Identity and access management for Python apps on Azure

Identity and access management for Python apps on Azure are fundamentally about the authentication of the identity of a user, group, application, or service and authorization of that identity to perform requested actions on Azure resources. There are different identity and access management options you can choose from depending on your application and security needs. This article provides links to resources to help you get started.

For an overview of authentication and authorization in Azure, see Recommendations for identity and access management.

Passwordless connections

Whenever possible, we recommend you use managed identities to simplify overall management and improve security. Specifically, use passwordless connections to avoid using embedding sensitive data such as passwords in code or environment variables.

The resources listed show how to use Azure Python SDK and passwordless connections with the DefaultAzureCredential. The DefaultAzureCredential is appropriate for most applications that will run in Azure because it combines common production credentials with development credentials.

Service Connector

Many Azure resources you're likely to use with to your Python apps enable the Service Connector service. Service Connector helps you configure network settings and connection information between Azure services such as App Service and Container Apps and other services such as storage or databases.

Key Vault

Using a key management solution like Azure Key Vault gives you more control but with an increase in management complexity.

Authentication and identity for signing in users in apps

You can build Python applications that enable your users and customers to sign in using their Microsoft identities or social accounts. Your app authorizes access to your own APIs or Microsoft APIs like Microsoft Graph.