'Manage Identity' at Azure
Both Service Principal and Azure identity management are tools. However their ideal use differs okay.
- Service principle is great for apps that need specific access and control.
- Manage identity is good when you want Azure to handle the login details automatically. So behind the scene, if you want Azure to handle the creds, the certificates and everything. So manage identity is what we use.
Difference between Service principle and Manage identity
- Creation
- MI are automatically created and managed by Azure
- SP are manually created and managed by User
- Life Cycle
- MI are tied with life cycle of resources it assigned to. When the resource is deleted the identity is also deleted
- SP are independently of any resources. must be deleted explicitly
- Permission
- in MI, permission are directly assigned to resources
- In SP, permission are assigned to SP, which can be used across multiple resources
- Rotation of Secrets
- In MI No Need to manage secrets, as azure take create of it
- in SP, User is responsible for managing the rotation of secrets.
- Usage
- MI, must used with Azure Environment
- SP, can be user both with and outside Azure
- Scope
- Mi is Limited to resources it assigned to
- SP Can be used across multiple resources and services
Both are used for identity management and both are used to connect to resources and services in Azure Cloud.