Search services uses a managed identity
Security · Cognitive Search · 2021_06
Configure managed identities to access Azure resources.
Description
Connections to Azure resources are required to use some features, including indexing and customer-managed keys. Cognitive Search can use managed identities to authenticate to Azure resources without storing credentials.
Using Azure managed identities has the following benefits:
- You don't need to store or manage credentials. Azure automatically generates tokens and performs rotation.
- You can use managed identities to authenticate to any Azure service that supports Azure AD authentication.
- Managed identities can be used without any additional cost.
Recommendation
Consider configuring a managed identity for each Cognitive Search service. Also consider using managed identities to authenticate to related Azure services.
Examples
Configure with Azure template
To deploy Cognitive Search services that pass this rule:
- Set the identity.type to SystemAssigned.
For example:
Azure Template snippet
{
    "apiVersion": "2020-08-01",
    "name": "[parameters('serviceName')]",
    "location": "[parameters('location')]",
    "type": "Microsoft.Search/searchServices",
    "identity": {
        "type": "SystemAssigned"
    },
    "sku": {
        "name": "[parameters('sku')]"
    },
    "properties": {
        "replicaCount": 3,
        "partitionCount": 1,
        "hostingMode": "default"
    },
    "tags": {},
    "dependsOn": []
}
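The same condition can be checked against a template file before deployment. The following Python sketch is an added example, not part of the rule's own implementation: it walks a template's resources and lists each Microsoft.Search/searchServices resource whose identity.type is not SystemAssigned. The function names and the sample template are constructed for illustration, and support for object-form (symbolic name) resources goes beyond the single snippet shown above.

```python
import json

SEARCH_TYPE = "microsoft.search/searchservices"

# Constructed sample template: one compliant service, one with no identity block.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    { "type": "Microsoft.Search/searchServices", "name": "search-with-identity",
      "identity": { "type": "SystemAssigned" } },
    { "type": "Microsoft.Search/searchServices", "name": "search-without-identity",
      "properties": { "replicaCount": 3 } },
    { "type": "Microsoft.Storage/storageAccounts", "name": "unrelated" }
  ]
}
""")


def iter_resources(resources):
    """Yield every resource; accepts the array form or the symbolic-name object form."""
    if isinstance(resources, dict):
        resources = list(resources.values())
    for res in resources or []:
        if isinstance(res, dict):
            yield res
            # Child resources may be declared in a nested "resources" collection.
            yield from iter_resources(res.get("resources"))


def search_services_without_identity(template):
    """Return names of search services whose identity.type is not SystemAssigned."""
    failing = []
    for res in iter_resources(template.get("resources")):
        if str(res.get("type", "")).lower() != SEARCH_TYPE:
            continue
        identity = res.get("identity")
        # A missing block, a non-object value, or any other type value fails the check.
        if not isinstance(identity, dict) or identity.get("type") != "SystemAssigned":
            failing.append(res.get("name", "<unnamed>"))
    return failing


if __name__ == "__main__":
    for name in search_services_without_identity(SAMPLE_TEMPLATE):
        print(f"FAIL {name}: identity.type is not SystemAssigned")
```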
Links
- Use identity-based authentication
- What are managed identities for Azure resources?
- Set up an indexer connection to a data source using a managed identity
- Indexer access to Azure Storage using the trusted service exception (Azure Cognitive Search)
Last update: 2022-10-17