What causes ManagedIdentityCredentialObjectNotSupported?

Managed identity not supported for this connector. Integration runtime configuration is incorrect or outdated. Authentication credentials or permissions are insufficient. The feature or setting is not supported for the selected connector or copy mode

How do I fix ManagedIdentityCredentialObjectNotSupported?

Open the linked service and change the authentication type from 'Managed Identity' to a supported method — check the ADF connector docs for the specific connector to see which authentication types are supported.. If using a user-assigned managed identity, check whether the connector supports it — some connectors only support the ADF service's system-assigned identity, not user-assigned identities configured as credential objects.. Switch to service principal authentication as an alternative — register an app in Azure AD, create a client secret, assign RBAC roles on the target resource, and configure the linked service with the client ID and secret.. Verify the connector documentation page for the specific connector (e.g., Snowflake, Google BigQuery, Salesforce) to confirm which authentication types are supported before reconfiguring.. After switching authentication methods, test the linked service connection and re-run the pipeline.

Medium severityauthentication

Power BI Refresh Error:
ManagedIdentityCredentialObjectNotSupported

What does this error mean?

The connector or operation does not support managed identity authentication. Use service principal or account key authentication instead.

Common causes

1Managed identity not supported for this connector
2Integration runtime configuration is incorrect or outdated
3Authentication credentials or permissions are insufficient
4The feature or setting is not supported for the selected connector or copy mode

How to fix it

1Open the linked service and change the authentication type from 'Managed Identity' to a supported method — check the ADF connector docs for the specific connector to see which authentication types are supported.
2If using a user-assigned managed identity, check whether the connector supports it — some connectors only support the ADF service's system-assigned identity, not user-assigned identities configured as credential objects.
3Switch to service principal authentication as an alternative — register an app in Azure AD, create a client secret, assign RBAC roles on the target resource, and configure the linked service with the client ID and secret.
4Verify the connector documentation page for the specific connector (e.g., Snowflake, Google BigQuery, Salesforce) to confirm which authentication types are supported before reconfiguring.
5After switching authentication methods, test the linked service connection and re-run the pipeline.

Frequently asked questions

Who needs to take action to fix an authentication failure in ADF?

Typically the pipeline owner (to re-authorize OAuth or update credentials) or an Azure AD admin (to re-enable a disabled service principal or reset a Conditional Access block). The error message indicates which identity is failing.

Can a Conditional Access policy cause ADF authentication failures?

Yes — Conditional Access policies requiring MFA or blocking non-compliant devices can affect ADF service principals. Check Azure AD sign-in logs for the service principal to identify the blocking policy.

Does ADF support managed identities to avoid credential management?

Yes — ADF supports system-assigned and user-assigned managed identities for many connectors (Azure SQL, Blob Storage, Key Vault, etc.). Managed identities use token-based authentication with no credentials to rotate or expire.

How long does it take for a new service principal secret to take effect in ADF?

After updating the secret in the ADF linked service and saving, the next pipeline run immediately uses the new credential. There is no propagation delay.

Official documentation: https://learn.microsoft.com/en-us/azure/data-factory/connector-troubleshoot-guide