0
votes

Goal: Prevent the use of client ID and secrets when making calls to Graph API. Is either of the following possible?

  1. Use Azure Managed Identity (that has been given Microsoft Graph API permissions) in applications using Azure B2C for Authentication. Thus avoiding the use of client ID and secrets.
  2. If 1. is not possible, use Managed Identity (that has been given Microsoft Graph API permissions) in applications using Azure B2C for authentication to access secrets in Azure KeyVault.
1
Anyone got any ideas? - Bandz

1 Answer

0
votes

MSI does not work with B2C; B2C does not host Azure Resources or Azure subscriptions. Instead you have your app hosted in the Azure Subscription tied to your Corp AAD, where you can create MSIs to access things like KeyVault (KV). Unfortunately that does mean that you cannot use MSI to access Graph API in the context of the B2C tenant.
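
The arrangement this answer describes, sketched as an added example (not code from the question or the answer): the app's managed identity in the corporate subscription reads the B2C app registration's client secret from Key Vault, and only then requests a Graph token from the B2C tenant with client credentials. Assumptions: the host is an Azure VM exposing the IMDS token endpoint (App Service exposes a different local endpoint), the identity has read access to the secret, and the tenant, vault, app and secret names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

# Instance Metadata Service token endpoint, reachable only from inside the VM.
IMDS = "http://169.254.169.254/metadata/identity/oauth2/token"

def http(method, url, headers=None, form=None):
    """Default transport: send the request and return the parsed JSON body."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers or {}, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def vault_secret(vault, name, send=http):
    """Read a Key Vault secret with the managed identity (no stored credential)."""
    q = urllib.parse.urlencode({"api-version": "2018-02-01",
                                "resource": "https://vault.azure.net"})
    msi = send("GET", f"{IMDS}?{q}", {"Metadata": "true"})
    kv = send("GET",
              f"https://{vault}.vault.azure.net/secrets/{name}?api-version=7.4",
              {"Authorization": "Bearer " + msi["access_token"]})
    return kv["value"]

def b2c_graph_token(b2c_tenant, client_id, vault, secret_name, send=http):
    """Client-credentials Graph token issued by the B2C tenant.

    The secret lives only in memory; it is never written to app settings.
    """
    secret = vault_secret(vault, secret_name, send)
    tok = send("POST",
               f"https://login.microsoftonline.com/{b2c_tenant}/oauth2/v2.0/token",
               {"Content-Type": "application/x-www-form-urlencoded"},
               {"grant_type": "client_credentials",
                "client_id": client_id,
                "client_secret": secret,
                "scope": "https://graph.microsoft.com/.default"})
    return tok["access_token"]
```

The `send` parameter exists so the three calls can be exercised with a stub transport; in production the default `http` is used and secret rotation happens in Key Vault without redeploying the app.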