author: anraman
description: This document provides instructions on how to authenticate using a service principal.
ms.author: anraman
ms.date: 02/01/2021
ms.service: azure-quantum
ms.subservice: core
ms.topic: how-to
title: Using a service principal to authenticate
uid: microsoft.quantum.optimization.authenticate-service-principal

Using a service principal to authenticate

Sometimes it is unsuitable to use interactive authentication or to authenticate as a user account. These cases may arise when you want to submit jobs from a web service, another worker role, or an automated system. In these cases, you typically want to authenticate using a service principal.

Prerequisite: Create a service principal and application secret

To authenticate as a service principal, you must first create a service principal.

To create a service principal, assign access, and generate a credential:

  1. Create an Azure Active Directory (AAD) application:

    Note: You do not need to set a redirect URI.

    1. Once created, write down the Application (client) ID and the Directory (tenant) ID.
  2. Create a credential to log in as the application:

    1. In the settings for your application, select Certificates & secrets.
    2. Under Client Secrets, select Create New Secret.
    3. Provide a description and duration, then select Add.
    4. Copy the value of the secret to a safe place immediately - you won't be able to see it again!
  3. Give your service principal permissions to access your workspace:

    1. Open the Azure Portal.
    2. In the search bar, enter the name of the resource group you created your workspace in. Select the resource group when it comes up in the results.
    3. On the resource group overview, select Access control (IAM).
    4. Click Add Role Assignment.
    5. Search for and select the service principal.
    6. Assign either the Contributor or Owner role.

Authenticate as the service principal

Step 1: Install the azure-common Python package:

pip3 install azure-common

Step 2: Before you call workspace.login(), instantiate your service principal and provide it to the workspace:

from azure.common.credentials import ServicePrincipalCredentials
workspace.credentials = ServicePrincipalCredentials(
    tenant    = "", # From service principal creation, your Directory (tenant) ID
    client_id = "", # From service principal creation, your Application (client) ID
    secret    = "", # From service principal creation, your secret
    resource  = "https://quantum.microsoft.com" # Do not change! This is the resource you want to authenticate against - the Azure Quantum service
)

That's it! Make sure you call workspace.login() after setting up the service principal and you should be able to create jobs as usual.

Note

Calling workspace.login(refresh=True) will clear the workspace.credentials property and force a new interactive device authentication. Whatever credentials were set in workspace.credentials will be lost, including ServicePrincipalCredentials.
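The following is an added example, not part of the original document or the Azure Quantum SDK: it reads the three values from Step 2 out of environment variables instead of writing them into source, checks them before use, and returns keyword arguments that can be passed as ServicePrincipalCredentials(**settings). The environment variable names and the function names load_sp_settings and redacted are assumptions of this example.

```python
import os
import re

# Fixed audience from Step 2 of this page: the Azure Quantum service.
QUANTUM_RESOURCE = "https://quantum.microsoft.com"

# Environment variable names are an assumption of this example, not defined by the page.
ENV_NAMES = {
    "tenant": "AZURE_TENANT_ID",
    "client_id": "AZURE_CLIENT_ID",
    "secret": "AZURE_CLIENT_SECRET",
}

_GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def load_sp_settings(env=None):
    """Return keyword arguments for ServicePrincipalCredentials, read from env."""
    env = os.environ if env is None else env
    values = {key: env.get(name, "").strip() for key, name in ENV_NAMES.items()}

    missing = [ENV_NAMES[k] for k, v in values.items() if not v]
    if missing:
        raise ValueError("missing environment variables: " + ", ".join(sorted(missing)))

    # The Directory (tenant) ID and Application (client) ID are GUIDs; catching a
    # swapped or truncated value here is clearer than a failed token request later.
    for key in ("tenant", "client_id"):
        if not _GUID.match(values[key]):
            raise ValueError(ENV_NAMES[key] + " is not a GUID")

    values["resource"] = QUANTUM_RESOURCE
    return values


def redacted(settings):
    """Copy of the settings that is safe to log: the secret is masked."""
    return {k: ("***" if k == "secret" else v) for k, v in settings.items()}


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = {
        "AZURE_TENANT_ID": "11111111-2222-3333-4444-555555555555",
        "AZURE_CLIENT_ID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "AZURE_CLIENT_SECRET": "constructed-secret",
    }
    print(redacted(load_sp_settings(sample)))
```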