How Things Work: Azure Managed Identity and Service Principal
Cut through the confusion of Azure managed identity and service principal
Introduction
Recently I dabbled in Azure. One of the challenges I faced was figuring out how to integrate two services, and inevitably I ran into the concepts of managed identity and service principal. It took me a while to grasp them, and I'm sharing what I learned here with anyone who encounters the same challenge.
After reading the article, you will understand:
- How authentication using Active Directory works
- What Azure Active Directory and Service Principal are, and how they differ
- How to use Azure libraries to programmatically authenticate with Azure Active Directory
Azure Active Directory
Azure Active Directory (AAD) is Microsoft's cloud-based, fully managed, multi-tenant identity and access management service. An organisation can use it as its identity provider (IdP) to provide a single sign-on (SSO) experience for applications running inside or outside the Azure environment. The benefit of SSO is that when a user is onboarded or revoked, their credentials and access permissions are managed centrally, which gives better security and a better user experience.
A generic authentication workflow with an IdP is illustrated below (Please note different authentication…