Eventstream’s Custom Endpoint is a powerful feature that allows users to send and fetch data from Eventstream. It provides two authentication methods for integrating external applications:
- Microsoft Entra ID
- Shared access signature (SAS) Keys
While SAS Keys provide quick integration, they require users to store, rotate, and manage secrets manually, increasing security risks. On the other hand, Microsoft Entra ID authentication simplifies access by tying user permissions directly to Fabric workspace access, eliminating the need for secret management, enhancing security and simplifying access control.
In this blog, we’ll compare Entra ID and SAS Keys auth in Eventstream, explore use cases, and walk through how to connect Azure Logic Apps to Eventstream using managed identity authentication.
Entra ID authentication
Microsoft Entra ID authentication integrates seamlessly with Fabric workspace access, ensuring secure access without managing secrets. Users can grant permissions to a security principal, which may be a user, a group, or an application service principal. It also supports Managed Identity authentication for Azure services like Logic Apps.
Key benefits of using Entra ID auth:
- No need for secret management – Eliminates the need for storing, rotating, and managing keys.
- Stronger security – Access to Fabric items is identity-based and managed within Fabric permissions.
- Simplified automation – Integrate seamlessly with Azure Managed Identities, enabling secure and automated connections.
SAS Keys authentication
Shared access signature (SAS) keys provide a convenient way to grant temporary and limited access to Eventstream’s underlying Event Hub resource. Users can generate and revoke keys as needed.
Potential risks & Limitations:
- Security vulnerability – If a SAS is leaked, anyone can use it to access Eventstream.
- Expiration issues – Applications using an expired SAS key lose access unless a new key is manually retrieved.
- Manual effort needed – Requires manual key rotation to maintain security.
Overall, using Entra ID authentication is recommended for a more secure and efficient connection when sending and retrieving data from Eventstream.
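The leak and expiry risks listed above can be audited in an application's own configuration. The following script is an added example, not part of the original post: it scans text for embedded SAS secrets and reports token expiry without echoing the secret values. It assumes the standard Event Hubs connection-string and SAS-token layouts; the function name and the sample input are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Event Hubs-style connection string that embeds a long-lived shared access key.
CONN_RE = re.compile(
    r"Endpoint=sb://(?P<host>[^/;\s]+)/?;SharedAccessKeyName=(?P<name>[^;\s]+);"
    r"SharedAccessKey=(?P<key>[A-Za-z0-9+/=]+)"
)
# Pre-signed SAS token: sr (resource), sig (signature), se (expiry, epoch seconds), skn (key name).
TOKEN_RE = re.compile(r"SharedAccessSignature\s+(?P<qs>[^\s\"']+)")


def find_sas_secrets(text, now):
    """Return one finding per embedded SAS secret; secret values are never included."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        conn = CONN_RE.search(line)
        if conn:
            findings.append({"line": lineno, "kind": "connection-string-key",
                             "host": conn["host"], "key_name": conn["name"]})
        token = TOKEN_RE.search(line)
        if token:
            fields = parse_qs(token["qs"])
            expiry = fields.get("se", [""])[0]
            if "sig" in fields and expiry.isdigit():
                findings.append({"line": lineno, "kind": "sas-token",
                                 "key_name": fields.get("skn", ["?"])[0],
                                 "expired": int(expiry) <= now,
                                 "seconds_left": max(int(expiry) - now, 0)})
    return findings


# Constructed sample settings file; every value below is fake.
SAMPLE = """\
# app settings
EVENTHUB_CONN=Endpoint=sb://example-ns.servicebus.windows.net/;SharedAccessKeyName=key_demo;SharedAccessKey=RkFLRUtFWUZBS0VLRVk=;EntityPath=es_demo
AUTH_HEADER="SharedAccessSignature sr=sb%3A%2F%2Fexample-ns.servicebus.windows.net%2Fes_demo&sig=ZmFrZXNpZw%3D%3D&se=1700000000&skn=key_demo"
USE_MANAGED_IDENTITY=true
"""

if __name__ == "__main__":
    for finding in find_sas_secrets(SAMPLE, now=1700000100):
        print(finding)
```

A connection-string finding marks a key that has to be stored and rotated by hand; a token finding with `expired` set marks a client that will lose access until a new key is retrieved.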
How to connect Eventstream via Managed Identity?
Let’s walk through the key steps to connect Azure Logic Apps to Eventstream using Managed Identity authentication.
Step 1: Enable Managed Identity in Azure Logic Apps
Open your Azure Logic App in the Azure Portal, navigate to the Identity section, and enable System-assigned managed identity.
Step 2: Assign Fabric Workspace Permissions
Open Manage access in your Fabric workspace and search for the Logic App’s Managed Identity (e.g., alex-logicapp2). Assign the Contributor or higher permission to the identity.
Step 3: Add a Custom Endpoint source to Eventstream
Open your Eventstream in Fabric and add a Custom Endpoint source. Select Entra ID authentication and copy the Event Hub information for later use.
Step 4: Add an Event Hub action in Logic Apps
In your Logic Apps workflow, add an HTTP trigger (if not already added). Add an Event Hub action and select Send event. Create a new connection and choose Logic Apps Managed Identity as the authentication type. Enter the Event Hub information from the previous step and save your changes.
You’re all set! Go back to Eventstream and select Data Preview to check for incoming data.
Conclusion
By leveraging Microsoft Entra ID authentication, you can securely connect Azure Logic Apps to Eventstream without worrying about manual secret management. This approach enhances security, simplifies permission management, and improves operational efficiency.
Start using Entra ID authentication in Eventstream today to enhance security and streamline your data streaming workflows. For more details, check out our Connect to Eventstream using Microsoft Entra ID authentication.
We value your feedback, so please send us your ideas and suggestions at askeventstreams@microsoft.com.