create_azure_login {AzureRMR}R Documentation

Login to Azure Resource Manager


Login to Azure Resource Manager


create_azure_login(tenant = "common", app = .az_cli_app_id,
  password = NULL, username = NULL, certificate = NULL,
  auth_type = NULL, version = 2, host = "",
  aad_host = "", scopes = ".default",
  config_file = NULL, token = NULL,
  graph_host = "", ...)

get_azure_login(tenant = "common", selection = NULL, app = NULL,
  scopes = NULL, auth_type = NULL, refresh = TRUE)

delete_azure_login(tenant = "common", confirm = TRUE)




The Azure Active Directory tenant for which to obtain a login client. Can be a name ("myaadtenant"), a fully qualified domain name ("" or ""), or a GUID. The default is to login via the "common" tenant, which will infer your actual tenant from your credentials.


The client/app ID to use to authenticate with Azure Active Directory. The default is to login interactively using the Azure CLI cross-platform app, but you can supply your own app credentials as well.


If auth_type == "client_credentials", the app secret; if auth_type == "resource_owner", your account password.


If auth_type == "resource_owner", your username.


If 'auth_type == "client_credentials", a certificate to authenticate with. This is a more secure alternative to using an app secret.


The OAuth authentication method to use, one of "client_credentials", "authorization_code", "device_code" or "resource_owner". If NULL, this is chosen based on the presence of the username and password arguments.


The Azure Active Directory version to use for authenticating.


Your ARM host. Defaults to Change this if you are using a government or private cloud.


Azure Active Directory host for authentication. Defaults to Change this if you are using a government or private cloud.


The Azure Service Management scopes (permissions) to obtain for this login. Only for version=2.


Optionally, a JSON file containing any of the arguments listed above. Arguments supplied in this file take priority over those supplied on the command line. You can also use the output from the Azure CLI az ad sp create-for-rbac command.


Optionally, an OAuth 2.0 token, of class AzureToken. This allows you to reuse the authentication details for an existing session. If supplied, the other arguments above to create_azure_login will be ignored.


The Microsoft Graph endpoint. See 'Microsoft Graph integration' below.


For create_azure_login, other arguments passed to get_azure_token.


For get_azure_login, if you have multiple logins for a given tenant, which one to use. This can be a number, or the input MD5 hash of the token used for the login. If not supplied, get_azure_login will print a menu and ask you to choose a login.


For get_azure_login, whether to refresh the authentication token on loading the client.


For delete_azure_login, whether to ask for confirmation before deleting.


create_azure_login creates a login client to authenticate with Azure Resource Manager (ARM), using the supplied arguments. The Azure Active Directory (AAD) authentication token is obtained using get_azure_token, which automatically caches and reuses tokens for subsequent sessions. Note that credentials are only cached if you allowed AzureRMR to create a data directory at package startup.

create_azure_login() without any arguments is roughly equivalent to the Azure CLI command az login.

get_azure_login returns a login client by retrieving previously saved credentials. It searches for saved credentials according to the supplied tenant; if multiple logins are found, it will prompt for you to choose one.

One difference between create_azure_login and get_azure_login is the former will delete any previously saved credentials that match the arguments it was given. You can use this to force AzureRMR to remove obsolete tokens that may be lying around.


For get_azure_login and create_azure_login, an object of class az_rm, representing the ARM login client. For list_azure_logins, a (possibly nested) list of such objects.

If the AzureRMR data directory for saving credentials does not exist, get_azure_login will throw an error.

Microsoft Graph integration

If the AzureGraph package is installed and the graph_host argument is not NULL, create_azure_login will also create a login client for Microsoft Graph with the same credentials. This is to facilitate working with registered apps and service principals, eg when managing roles and permissions. Some Azure services also require creating service principals as part of creating a resource (eg Azure Kubernetes Service), and keeping the Graph credentials consistent with ARM helps ensure nothing breaks.

Linux DSVM note

If you are using a Linux Data Science Virtual Machine in Azure, you may have problems running create_azure_login() (ie, without any arguments). In this case, try create_azure_login(auth_type="device_code").

See Also

az_rm, AzureAuth::get_azure_token for more details on authentication methods, AzureGraph::create_graph_login for the corresponding function to create a Microsoft Graph login client

Azure Resource Manager overview, REST API reference

Authentication in Azure Active Directory

Azure CLI documentation


## Not run: 

# without any arguments, this will create a client using your AAD credentials
az <- create_azure_login()

# retrieve the login in subsequent sessions
az <- get_azure_login()

# this will create a Resource Manager client for the AAD tenant '',
# using the client_credentials method
az <- create_azure_login("myaadtenant", app="app_id", password="password")

# you can also login using credentials in a json file
az <- create_azure_login(config_file="~/creds.json")

## End(Not run)

[Package AzureRMR version 2.4.3 Index]