
Current Azure Managed Identity capabilities 2024?

zsucic1
New Contributor III

Hello everyone, 

I have a few questions about MI capabilities: 

  1. Is it possible to define a managed identity for Azure Databricks Service resource and use it for e.g.: 
    1. Writing to Azure SQL Server database 
    2. Authenticating to Azure DevOps in order to download a repo 
  2. Is it possible to define a managed identity for Azure App Service resource and use it to download MLflow models from Databricks (Workspace/Unity Catalog based) model registry, using azure-identity Managed Identity library in Python code to authenticate? If yes, are you aware of any additional steps to take, other than: 
    1. Turning on managed identity on App Service 
    2. Adding that managed identity to Databricks (as a service principal, which is required by Databricks) 

     When I did those steps, I got a 403 authentication error; is it likely to simply be a mistake on our part? 
  3. Is it possible to use a service principal to download an Azure DevOps repo from a Databricks job, by linking a Databricks Git credentials entry to it, as opposed to a mere user like user@gmail.com? 

Any answers, links, tips and comments are greatly appreciated. 

Thanks in advance!  
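One way to narrow down a 403 like the one described above, as an added example that is not part of the original thread: decode the access token that azure-identity returned (the `.token` string) and compare its claims with what was registered in Databricks. It assumes the managed identity was added to Databricks by its client (application) ID; the helper names and all sample values are constructed for illustration.

```python
import base64
import json
import time

# Application ID of the AzureDatabricks resource in Microsoft Entra ID; a token
# meant for the Databricks REST API carries it as its audience.
DATABRICKS_RESOURCE_ID = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"


def jwt_claims(token):
    """Decode a JWT payload for inspection only (no signature verification)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, registered_app_id, now=None):
    """List token mismatches to rule out before looking at Databricks permissions."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud", "")
    if DATABRICKS_RESOURCE_ID not in aud:
        problems.append(f"audience is {aud!r}, not the Azure Databricks resource")
    # v1 tokens carry the caller's client ID in 'appid', v2 tokens in 'azp'.
    client_id = claims.get("appid") or claims.get("azp")
    if client_id != registered_app_id:
        problems.append(f"token client ID {client_id!r} is not the registered one")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems


def constructed_token(claims):
    """Build an unsigned sample token (constructed for this example only)."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample: a token requested for Azure Resource Manager by mistake,
# issued to a different identity than the one registered in Databricks.
SAMPLE = constructed_token({"aud": "https://management.azure.com/",
                            "appid": "11111111-1111-1111-1111-111111111111",
                            "exp": 2_000_000_000})

if __name__ == "__main__":
    for p in diagnose(SAMPLE, "22222222-2222-2222-2222-222222222222", now=1_700_000_000):
        print("-", p)
```

An empty result means the token itself looks right, which leaves the workspace-side setup (service principal membership and permissions on the model) as the place to look.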

2 REPLIES

zsucic1
New Contributor III

Hi Kaniz,

Thank you immensely for this thorough response!
You really helped us a lot
and enabled us to start resolving this problem strategically.
May I just ask you a few follow-ups:

1. Regarding your 2nd point, do you know specifically if it is possible
to download MLflow models as an Azure Managed Identity? If it is, then
we made a mistake somewhere and we can systematically try to resolve it.

2. Regarding your 3rd point, thank you,
service principal is certainly an improvement over user account,
but do you know if this could be further improved by downloading
Azure DevOps Repo as an "Azure Databricks Service Managed identity",
instead of as a service principal? A corollary question would be:
is it possible to run Databricks jobs as an
"Azure Databricks Service Managed identity",
instead of as a service principal?

zsucic1
New Contributor III

Kaniz, thank you very much, you are the best! I will get to work implementing your advice 🙂
