In this APIC video, we have to use a service principal to access the APIC portal.
However, APIC already has the Managed Identity feature. Can we use this managed identity to access the APIC portal, instead of creating a new service principal?
Proposed solution
Using Managed Identity, users can access the APIC portal.
Additional context
Managed Identity (MI) basically works like a Service Principal, which is the same as the app registered through App Registration. MI works slightly differently though.
To me, it gives the implication that the app registration process outside APIC blocks users from being more accessible because they have to be out of the APIC screen 👉 Go to Entra ID 👉 Do the app registration 👉 Do all the permissions stuff 👉 Be back to APIC to finalise.
I think the purpose of MI is to simplify these steps. Please correct me if I'm wrong about MI.
Any website that gives humans an opportunity to click a "sign in" button and then sign into that website as their human Entra identity...
...needs to be able to tell those humans what website it is that's asking for them to click a "yes, go ahead and log in as my Entra identity; I trust this website to know who I am" prompt.
So, while things like your APIC resource's SMI's associated Entra Service Principal can do things like serve as the principal for an Azure RBAC Role Assignment (e.g. so that your APIM resource can let your APIC resource in as a reader of what all is sitting around in APIM)...
...I believe that saying "Hi, I'm website X -- are you sure you want to log into me as your Entra human identity?" isn't something that can be done through an Entra Service Principal at all.
Therefore, it's not actually the Entra Service Principal associated with an AppReg that you're interested in when you create the AppReg, in this case. Which is why an SMI isn't an alternative to an AppReg.
Instead, I believe what you're creating the AppReg for is its ability to say, "Hi, I'm website X!"
@kkgthb is spot on here! We still need to do an app registration for the reasons explained in that reply. I'll go ahead and close this - if there's any more confusion happy to chat at piboggan@microsoft.com. Thanks again for your bug report :)
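To make the distinction discussed in this thread concrete, here is an added example (not from the issue or from the APIC project) that builds two requests side by side: the interactive sign-in request, whose `client_id` and `redirect_uri` come from an app registration, and a managed identity token request, which names only a target resource and involves no user or redirect. The tenant ID, client ID and redirect URI are constructed placeholders, and the managed identity request uses the Azure VM metadata endpoint purely for contrast; the page does not describe how APIC itself obtains its identity's tokens.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed placeholder values; none of them come from the issue.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
APP_CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # app registration's client ID
REDIRECT_URI = "https://portal.example.invalid/signin-callback"  # registered on the app


def pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(64)  # 86 characters, inside the 43..128 range
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def interactive_signin_url(tenant_id, client_id, redirect_uri, scopes):
    """Authorization-code request that a portal sends the user's browser to."""
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)  # ties the callback to this browser session
    query = urlencode({
        "client_id": client_id,        # identifies "website X" on the consent prompt
        "response_type": "code",
        "redirect_uri": redirect_uri,  # must match a URI on the app registration
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    base = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize"
    return f"{base}?{query}", verifier, state


def managed_identity_token_request(resource):
    """App-only token request for a system-assigned identity on an Azure VM."""
    query = urlencode({"api-version": "2018-02-01", "resource": resource})
    url = f"http://169.254.169.254/metadata/identity/oauth2/token?{query}"
    return url, {"Metadata": "true"}  # no client_id, no redirect_uri, no user


if __name__ == "__main__":
    print(interactive_signin_url(TENANT_ID, APP_CLIENT_ID, REDIRECT_URI,
                                 ["openid", "profile"])[0])
    print(managed_identity_token_request("https://management.azure.com/")[0])
```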