Authorize a managed identity request by using Microsoft Entra ID

Azure Web PubSub Service supports Microsoft Entra ID for authorizing requests from managed identities.

This article shows you how to configure your Web PubSub resource and code to authorize the request to a Web PubSub resource from a managed identity.

Configure managed identities

The first step is to configure managed identities.

In this section, you set up a system-assigned managed identity on a virtual machine by using the Azure portal.

  1. In the Azure portal, search for and then select a virtual machine (VM).

  2. Under Settings, select Identity.

  3. On the System assigned tab, set Status to On.

    Screenshot that shows creating a system identity for a virtual machine.

  4. Select Save to confirm the change.

Create a user-assigned managed identity

Learn how to create a user-assigned managed identity.

Configure managed identities on other platforms

Configure managed identities for Azure App Service and Azure Functions

Learn how to use managed identities for App Service and Functions.

Add a role assignment in the Azure portal

This section demonstrates how to assign the Web PubSub Service Owner role to a system-assigned identity for a Web PubSub resource.

Note

You can assign a role to any scope, including management group, subscription, resource group, and single resource. For more information about scope, see Understand scope for Azure RBAC.

  1. In the Azure portal, go to your Web PubSub resource.

  2. On the left menu, select Access control (IAM) to display access control settings for your Web PubSub instance.

  3. Select the Role assignments tab and view the role assignments at this scope.

    The following screenshot shows an example of the Access control (IAM) pane for a Web PubSub resource:

    Screenshot that shows an example of the Access control (IAM) pane.

  4. Select Add > Add role assignment.

  5. Select the Roles tab, and then select Web PubSub Service Owner.

  6. Select Next.

    Screenshot that shows adding a role assignment.

  7. Select the Members tab. Under Assign access to, select Managed identity.

  8. Choose Select Members.

  9. On the Select managed identities pane, select System-assigned managed identity > Virtual machine.

  10. Search for and then select the virtual machine that you want to assign the role to.

  11. Choose Select to confirm the selection.

  12. Select Next.

    Screenshot that shows assigning a role to managed identities.

  13. Select Review + assign to confirm the change.

Important

Azure role assignments might take up to 30 minutes to propagate.

To learn more about how to assign and manage Azure role assignments, see these articles:

Sample codes that use Microsoft Entra authorization

Get samples that use Microsoft Entra authorization in our four officially supported programming languages: