Typically, a software workload (such as an application, service, script, or container-based application) needs an identity in order to authenticate and access resources or communicate with other services. When these workloads run on Azure, you can use managed identities and the Azure platform manages the credentials for you. For a software workload running outside of Azure, you need to use application credentials (a secret or certificate) to access Azure AD protected resources (such as Azure, Microsoft Graph, Microsoft 365, or third-party resources). These credentials pose a security risk and have to be stored securely and rotated regularly. You also run the risk of service downtime if the credentials expire.

You use workload identity federation to configure an Azure AD app registration or user-assigned managed identity to trust tokens from an external identity provider (IdP), such as GitHub. Once that trust relationship is created, your software workload can exchange trusted tokens from the external IdP for access tokens from Microsoft identity platform. Your software workload then uses that access token to access the Azure AD protected resources to which the workload has been granted access. This eliminates the maintenance burden of manually managing credentials and eliminates the risk of leaking secrets or having certificates expire.

Supported scenarios

Azure AD issued tokens may not be used for federated identity flows. The federated identity credentials flow does not support tokens issued by Azure AD.

The following scenarios are supported for accessing Azure AD protected resources using workload identity federation:

- First, configure a trust relationship between your app in Azure AD and a GitHub repo in the Azure portal or using Microsoft Graph. Then configure a GitHub Actions workflow to get an access token from Microsoft identity provider and access Azure resources.
- First, configure a trust relationship between your app in Azure AD and an identity in Google Cloud. Then configure your software workload running in Google Cloud to get an access token from Microsoft identity provider and access Azure AD protected resources. See Access Azure AD protected resources from an app in Google Cloud.
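The trust relationship described above is, concretely, a match on the external token's `iss`, `sub` and `aud` claims against the issuer, subject and audience recorded on the federated identity credential; only a token that matches is accepted as the client assertion in the client-credentials call to the Microsoft identity platform token endpoint. The following Python is an added illustration written for this page, not Microsoft's or GitHub's code. It builds the token request body with the standard `client_assertion` parameters, and it shows the claim matching as a local configuration check. The credential names, the `contoso/sample-app` repository, the Google service account ID and the tenant/client IDs are constructed placeholders; the sample tokens are unsigned and constructed for offline use, so no signature is verified here (Azure AD validates the signature against the IdP's published keys, which this check does not replace).

```python
import base64
import json
from dataclasses import dataclass

TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


@dataclass(frozen=True)
class FederatedCredential:
    """One federated identity credential on the app registration (constructed example).
    An external token must carry exactly this issuer and subject, and one of the
    allowed audiences, to be exchangeable for an Azure AD access token."""
    name: str
    issuer: str
    subject: str
    audiences: tuple = ("api://AzureADTokenExchange",)


# Constructed placeholders: a GitHub Actions trust pinned to the main branch of one
# repository, and a Google Cloud trust pinned to one service account's unique ID.
CREDENTIALS = (
    FederatedCredential("github-main",
                        "https://token.actions.githubusercontent.com",
                        "repo:contoso/sample-app:ref:refs/heads/main"),
    FederatedCredential("gcp-workload",
                        "https://accounts.google.com",
                        "123456789012345678901"),
)


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def unverified_claims(token: str) -> dict:
    """Payload claims of a compact JWT, read without signature verification.
    Used only to sanity-check configuration; it is not a trust decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def matching_credential(creds, claims):
    """Return the credential whose issuer, subject and audience match the token's
    iss/sub/aud claims, or None when no configured trust applies. A token issued
    by Azure AD itself never matches, because no credential names it as issuer."""
    aud = claims.get("aud")
    token_auds = set(aud if isinstance(aud, list) else [aud])
    for cred in creds:
        if (claims.get("iss") == cred.issuer
                and claims.get("sub") == cred.subject
                and token_auds & set(cred.audiences)):
            return cred
    return None


def build_token_request(tenant_id: str, client_id: str, external_token: str, scope: str):
    """URL and form body for the client-credentials exchange in which the external
    IdP token is presented as the client assertion instead of a secret or certificate."""
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_assertion_type": JWT_BEARER,
        "client_assertion": external_token,
        "scope": scope,
    }
    return TOKEN_ENDPOINT.format(tenant=tenant_id), body


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT for offline demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."


def exchange_plan(external_token: str):
    """Decide locally whether a token matches a configured trust and, if so, return
    the request that would be sent; returns None when no credential matches."""
    cred = matching_credential(CREDENTIALS, unverified_claims(external_token))
    if cred is None:
        return None
    url, body = build_token_request("TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER",
                                    external_token, "https://graph.microsoft.com/.default")
    return cred.name, url, body


if __name__ == "__main__":
    main_branch = make_sample_token({"iss": "https://token.actions.githubusercontent.com",
                                     "sub": "repo:contoso/sample-app:ref:refs/heads/main",
                                     "aud": "api://AzureADTokenExchange"})
    print(exchange_plan(main_branch)[0])  # github-main
```

The subject pin is the part worth reviewing when a trust is created: a token minted for any other branch, environment or repository has a different `sub` and is rejected, and a token issued by Azure AD carries an issuer that no federated credential lists, which is the configuration-level reason the page gives that Azure AD tokens cannot be used in this flow.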