
Difference between Service Principal and Managed Identities in Azure

I would like to know if it is always recommended to use Managed Identities in Azure, mostly system assigned or a Service Principal? When should Service Principals be used in Azure compared to a managed identity, what is the advantage of one over the other? Any help would be appreciated.

Internally, managed identities are service principals of a special type, which are locked to only be used with Azure resources. When the managed identity is deleted, the corresponding service principal is automatically removed. Also, when a User-Assigned or System-Assigned Identity is created, the Managed Identity Resource Provider (MSRP) issues a certificate internally to that identity.

Source: What are managed identities for Azure resources?

and

So what's the difference?
Put simply, the difference between a managed identity and a service principal is that a managed identity manages the creation and automatic renewal of a service principal on your behalf.

Source: What's an Azure Service Principal and Managed Identity?

A managed identity is a type of service principal.

A service principal can be one of three types: application, managed identity, and legacy. The division into types is based on the circumstances of their usage, so their specific handling also differs by type.

rickvdbosch provided a link to an article that talks about the specifics of the managed identity type of service principal. For those who would like to learn about the concept of the service principal object and its types, here is a link to a different article: Application and service principal objects in Azure Active Directory.

A Service Principal could be looked at as similar to a service account in a more traditional on-premises application or service scenario. Managed Identities are used for “linking” a Service Principal security object to an Azure Resource like a Virtual Machine, Web App, Logic App or similar.

An Azure service principal is like an application, whose tokens can be used by other Azure resources to authenticate and grant access to Azure resources.

Managed identities are service principals of a special type, which are locked to only be used with Azure resources.

The main difference between both is that with a managed identity you don't need to specify any credentials in your code, compared to service principals where you need to specify the application ID, client ID, etc., to generate a token to access any Azure resource. Ideally, you should opt for a service principal only if the service you use doesn't support managed identity.

Managed Identities are tied to a resource (VM, Logic App, etc.). To give the resource grants and permissions for accessing (CRUD) other resources you use Managed Identities.

Service Principals do not have to be tied to a resource; they live under the tenant and above the subscription, and, what is more important, have some auth tokens that could be stored somewhere (Key Vault). It is like a fake user with some credentials and tokens.
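The two answers above make the same point from different angles: a service principal needs a credential that lives in your code or in Key Vault, while a managed identity gets its token from the platform with no secret at all. The following is an added example, not code from any of the answers, that builds (without sending) the two token requests an Azure workload would issue and checks which one carries a long-lived credential. The endpoints and parameters follow the public Microsoft identity platform and Azure Instance Metadata Service (IMDS) documentation; the tenant ID, client ID, secret and the unsigned sample token are constructed placeholders.

```python
"""Side-by-side token requests for a service principal and a managed identity.

Added example, not part of the original Q&A. Builds the two HTTP requests
an Azure workload would issue to obtain an access token and checks which
of them carries a secret in code. Identifiers below are constructed.
"""
import base64
import json
from urllib.parse import urlencode

# Constructed placeholders; not real tenant/app identifiers.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
CLIENT_ID = "00000000-0000-0000-0000-000000000002"
CLIENT_SECRET = "example-secret-do-not-commit"

# Public endpoints: Entra ID token endpoint and the IMDS identity endpoint.
AAD_TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"


def client_credentials_request(tenant_id, client_id, client_secret, scope):
    """OAuth2 client-credentials grant used by an application service principal.

    The secret travels in the request body, so it has to be stored somewhere
    the code can read it (env var, Key Vault, config) and has to be rotated.
    """
    return {
        "method": "POST",
        "url": AAD_TOKEN_URL.format(tenant=tenant_id),
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode({
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "scope": scope,
        }),
    }


def managed_identity_request(resource, client_id=None):
    """Token request to IMDS from inside an Azure VM.

    No secret is needed: the platform authenticates the caller because the
    request comes from the VM itself. The 'Metadata: true' header is
    mandatory; IMDS rejects requests without it, which also keeps
    redirect-based SSRF from reaching the endpoint. For a user-assigned
    identity, client_id selects which identity to use; for a system-assigned
    identity it is omitted.
    """
    params = {"api-version": "2018-02-01", "resource": resource}
    if client_id:
        params["client_id"] = client_id
    return {
        "method": "GET",
        "url": IMDS_TOKEN_URL + "?" + urlencode(params),
        "headers": {"Metadata": "true"},
        "body": "",
    }


def carries_credential(request):
    """True if the request carries a client secret or assertion."""
    needles = ("client_secret=", "client_assertion=")
    auth = request["headers"].get("Authorization", "")
    return any(n in request["body"] for n in needles) or auth.startswith("Basic ")


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token):
    """Decode a JWT payload without verifying it (inspection only).

    Both identity types end up with an ordinary Entra access token; 'appid'
    is the application (client) ID and 'oid' the object ID of the service
    principal behind it. A receiving service must still validate the
    signature; this helper is for looking at claims, not for trust decisions.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def constructed_token(appid, oid, tid):
    """Unsigned sample token with the claims of interest (constructed for the
    demo; real tokens are signed by Entra ID)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"appid": appid, "oid": oid, "tid": tid}).encode())
    return f"{header}.{body}."


if __name__ == "__main__":
    sp = client_credentials_request(TENANT_ID, CLIENT_ID, CLIENT_SECRET,
                                    "https://vault.azure.net/.default")
    mi = managed_identity_request("https://vault.azure.net/")
    print("service principal request carries a secret:", carries_credential(sp))
    print("managed identity request carries a secret:", carries_credential(mi))
    print(decode_claims(constructed_token(CLIENT_ID, "object-id", TENANT_ID)))
```

The IMDS path applies to VMs and VM scale sets; App Service and Functions expose the identity endpoint through the IDENTITY_ENDPOINT environment variable with an X-IDENTITY-HEADER value instead, and the azure-identity SDK's ManagedIdentityCredential (or DefaultAzureCredential) picks the right mechanism so application code never touches either request directly. Either way the resulting token is a normal Entra access token, which is why RBAC role assignments work identically for both identity types.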
