0
votes

I am trying to utilize Azure managed identities to provide me a way to authenticate/authorize actions on a non-Azure service. I want to integrate my own service as an OAuth2 resource server.

I would like to be able to validate the received OAuth2 token (assigned to an Azure managed identity) in my own service, and based on the information in the valid token decide on further action.

I was trying to use an app registration for that purpose, but I haven't found a way to link this with my desired managed identity.

I would appreciate any advice on this topic very much.

Thanks, Lukas

1
It seems some good guidance is provided in the following blog post: medium.com/@dany74q/…. The proposed way is to create an OAuth2-enabled app registration in AAD, create a specific scope / role and then grant the existing managed identity object access to this defined scope. – Lukas Futera

1 Answer

0
votes

Every managed identity is backed by a service principal which can request permissions exposed through Azure AD applications (resources). You just need to register an Azure AD Application and declare some roles (AKA application permissions). In your token request, add the resource=<your resource app id uri> or scopes=<your resource app id uri>/.default parameter.
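Once the app registration and its app roles exist, the resource server still has to check the claims of every token the managed identity presents. The following Python is an added example, not code from the question, the answer or any Azure library; it assumes the token's RS256 signature has already been verified against the tenant's JWKS (for instance by a JWT library), and that the tenant id, App ID URI, client id and role name come from the service's configuration (the identifiers below are constructed placeholders).

```python
"""Claim checks for an Azure AD access token presented by a managed identity. Assumes the
RS256 signature was already verified against the tenant's JWKS (e.g. by a JWT library)."""
import time

CLOCK_SKEW_SECONDS = 60  # tolerated drift between Azure AD and this server


def expected_issuers(tenant_id: str) -> set:
    """Issuer values Azure AD uses for v1.0 and v2.0 access tokens of one tenant."""
    return {
        f"https://sts.windows.net/{tenant_id}/",
        f"https://login.microsoftonline.com/{tenant_id}/v2.0",
    }


def authorize(claims: dict, *, tenant_id: str, app_id_uri: str, client_id: str,
              required_role: str, now=None) -> str:
    """Return the caller's service principal object id (oid) if the token is acceptable.

    aud is the App ID URI for tokens requested with resource=<uri> (v1.0) and the
    resource app's client id for scope=<uri>/.default (v2.0); roles carries the app
    roles (application permissions) granted to the managed identity's principal.
    """
    now = time.time() if now is None else now
    if claims.get("aud") not in {app_id_uri, client_id}:
        raise PermissionError("token was not issued for this resource")
    if claims.get("iss") not in expected_issuers(tenant_id):
        raise PermissionError("token was not issued by the expected tenant")
    nbf, exp = claims.get("nbf", 0), claims.get("exp", 0)
    if not nbf - CLOCK_SKEW_SECONDS <= now <= exp + CLOCK_SKEW_SECONDS:
        raise PermissionError("token is outside its validity window")
    if required_role not in claims.get("roles", []):  # claim absent when no role granted
        raise PermissionError(f"identity lacks app role {required_role!r}")
    oid = claims.get("oid")
    if not oid:
        raise PermissionError("token carries no service principal object id")
    return oid


# Constructed sample claims in the shape Azure AD issues; all identifiers are placeholders.
SAMPLE_CLAIMS = {
    "aud": "api://example-billing",
    "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000001/",
    "nbf": 1_700_000_000,
    "exp": 1_700_003_600,
    "oid": "00000000-0000-0000-0000-000000000002",
    "roles": ["Invoices.Read"],
}
```

The returned oid is the object id of the managed identity's service principal, which is the value to log and to key any per-identity authorization on.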