microsoft / terraform-provider-power-platform

Power Platform Terraform Provider
https://registry.terraform.io/providers/microsoft/power-platform/latest/docs
MIT License

Implement Managed Identity for the provider authentication #243

Open eduardodfmex opened 8 months ago

eduardodfmex commented 8 months ago

Managed Identity auth for provider and pipelines

Managed identities (MI) provide an automatically managed identity in Microsoft Entra ID. Applications use managed identities to connect to resources that support Microsoft Entra authentication, and to obtain Microsoft Entra tokens, without credentials management. Consider using MI to authenticate and create resources with the Power Platform Terraform provider.

Possible Tasks
• Implement MI on the provider or investigate if it works now.
• Investigate or implement "Configure a user-assigned managed identity to trust an external identity provider". After you configure your user-assigned managed identity to trust an external IdP, configure your external software workload to exchange a token from the external IdP for an access token from the Microsoft identity platform. The external workload uses the access token to access Microsoft Entra protected resources without needing to manage secrets (in supported scenarios). To learn more about the token exchange workflow, read about workload identity federation.
• Evaluate MI considerations and restrictions: Create a trust relationship between a user-assigned managed identity and an external identity provider - Microsoft Entra Workload ID | Microsoft Learn
• See the feasibility of using MI in GitHub Actions or Azure DevOps pipelines, or create issues on the products' backlog.

DOD
• Create Power Platform resources using MI on the Dev environment (desktop plan / apply on local host).
• Create and document the process and QuickStarts.
• Create and document a GitHub Action that uses MI to deploy resources.
• Create and document an Azure DevOps pipeline that uses MI to deploy resources.
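The token exchange step in the task list above, as an added Go example that is not part of this issue or of the provider's own code: the external IdP token is presented as a `client_assertion` to the tenant's v2.0 token endpoint and an Entra access token for the requested scope comes back. The endpoint, client ID and scope are parameters and are assumptions of the example, not values from this issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Fixed RFC 7523 assertion type the Microsoft identity platform expects.
const ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

// TokenResponse holds the fields of a successful v2.0 token response we use.
type TokenResponse struct {
	AccessToken string `json:"access_token"`
	ExpiresIn   int    `json:"expires_in"`
}

// BuildExchangeForm builds the federation exchange body: the external IdP
// token goes in client_assertion, the managed identity's client ID in client_id.
func BuildExchangeForm(clientID, scope, externalToken string) url.Values {
	return url.Values{
		"grant_type":            {"client_credentials"},
		"client_id":             {clientID},
		"scope":                 {scope},
		"client_assertion_type": {ClientAssertionType},
		"client_assertion":      {externalToken},
	}
}

// ExchangeToken posts the form to the tenant token endpoint (assumed to be
// https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token) and
// returns the Entra access token, or an error on any non-200 or empty reply.
func ExchangeToken(c *http.Client, endpoint, clientID, scope, externalToken string) (*TokenResponse, error) {
	form := BuildExchangeForm(clientID, scope, externalToken).Encode()
	resp, err := c.Post(endpoint, "application/x-www-form-urlencoded", strings.NewReader(form))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var tr TokenResponse
	if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil || tr.AccessToken == "" {
		return nil, fmt.Errorf("bad token response (err=%v)", err)
	}
	return &tr, nil
}
```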

mattdot commented 8 months ago

This is a good feature to have. Need to investigate if PP APIs can accept MI credentials for authentication and how to grant Power Platform access rights to MI identities.

webstean commented 2 months ago

@mattdot, this is actually documented here: https://learn.microsoft.com/en-us/power-apps/maker/data-platform/azure-synapse-link-msi

Lonache commented 1 week ago

It would indeed be super useful to be able to configure a user-assigned managed identity to trust an external identity provider in Terraform, as per https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation-create-trust-user-assigned-managed-identity?pivots=identity-wif-mi-methods-azp (this is only possible for applications right now). This is a matter for the azuread provider, correct?