I have an Azure Data Explorer cluster that's stood up in tenant A. I am trying to connect to it from my Grafana UI(adding a new data source), which is in tenant B. In the Azure Data Explorer cluster DB, I have added the necessary permissions using the app id and tenant id using. Now I see my app in the listed in the ADE permissions screen with "Viewer" access.
.add database Grafana viewers ('aadapp=<your client id>;<your tenantid>')
Now when I try to save and test my connection in the Grafana UI, using Managed Identity auth (given I had previously added my app as a viewer), I am getting a timeout, as in, Grafana is not able to make a successful connection? Why is this so? Is cross tenant viewer access with Managed Identity auth not supported?
But it seems doable based on this article: https://hermanwu.medium.com/troubleshooting-azure-data-explorer-kusto-cross-tenant-access-issues-156cbe2313a2
Should I use App Registration auth and add a client secret? This is not at all preferable for our team, unless there is no option to do this with Managed Identity.