Authorize a managed identity request by using Microsoft Entra ID
Azure Web PubSub Service supports Microsoft Entra ID for authorizing requests from managed identities.
This article shows you how to configure your Web PubSub resource and code to authorize the request to a Web PubSub resource from a managed identity.
Configure managed identities
The first step is to configure managed identities.
In this section, you set up a system-assigned managed identity on a virtual machine by using the Azure portal.
In the Azure portal, search for and then select a virtual machine (VM).
Under Settings, select Identity.
On the System assigned tab, set Status to On.
Select Save to confirm the change.
Create a user-assigned managed identity
Learn how to create a user-assigned managed identity.
Configure managed identities on other platforms
- Configure managed identities for Azure resources on a VM by using the Azure portal
- Configure managed identities for Azure resources on an Azure VM by using Azure PowerShell
- Configure managed identities for Azure resources on an Azure VM by using the Azure CLI
- Configure managed identities for Azure resources on an Azure VM by using a template
- Configure managed identities for Azure resources on a VM by using the Azure SDK
Configure managed identities for Azure App Service and Azure Functions
Learn how to use managed identities for App Service and Functions.
Add a role assignment in the Azure portal
This section demonstrates how to assign the Web PubSub Service Owner role to a system-assigned identity for a Web PubSub resource.
Note
You can assign a role to any scope, including management group, subscription, resource group, and single resource. For more information about scope, see Understand scope for Azure RBAC.
In the Azure portal, go to your Web PubSub resource.
On the left menu, select Access control (IAM) to display access control settings for your Web PubSub instance.
Select the Role assignments tab and view the role assignments at this scope.
The following screenshot shows an example of the Access control (IAM) pane for a Web PubSub resource:
Select Add > Add role assignment.
Select the Roles tab, and then select Web PubSub Service Owner.
Select Next.
Select the Members tab. Under Assign access to, select Managed identity.
Choose Select Members.
On the Select managed identities pane, select System-assigned managed identity > Virtual machine.
Search for and then select the virtual machine that you want to assign the role to.
Choose Select to confirm the selection.
Select Next.
Select Review + assign to confirm the change.
Important
Azure role assignments might take up to 30 minutes to propagate.
To learn more about how to assign and manage Azure role assignments, see these articles:
- Assign Azure roles by using the Azure portal
- Assign Azure roles by using REST API
- Assign Azure roles by using Azure PowerShell
- Assign Azure roles by using the Azure CLI
- Assign Azure roles by using an Azure Resource Manager template
Sample codes that use Microsoft Entra authorization
Get samples that use Microsoft Entra authorization in our four officially supported programming languages: