This article shows how to create a managed identity for Azure Load Testing. You can use a managed identity to securely read secrets or certificates from Azure Key Vault in your load test. You can also use managed identities to simulate managed identity-based authentication flows in your load test scripts.
A managed identity from Microsoft Entra ID allows your load testing resource to easily access a Microsoft Entra-protected Azure Key Vault. The identity is managed by the Azure platform and doesn't require you to manage or rotate any secrets. For more information about managed identities in Microsoft Entra ID, see Managed identities for Azure resources.
Azure Load Testing supports two types of identities:
A system-assigned identity is associated with your load testing resource and is deleted when your resource is deleted. A resource can only have one system-assigned identity.
A user-assigned identity is a standalone Azure resource that you can assign to your load testing resource. When you delete the load testing resource, the managed identity remains available. You can assign multiple user-assigned identities to the load testing resource.
Currently, you can only use the managed identity for accessing Azure Key Vault.
Prerequisites
An Azure account with an active subscription. If you don't have an Azure subscription, create a free account before you begin.
An Azure load testing resource. If you need to create an Azure load testing resource, see the quickstart Create and run a load test.
To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.
Assign a system-assigned identity to a load testing resource
To assign a system-assigned identity for your Azure load testing resource, enable a property on the resource. You can set this property by using the Azure portal or by using an Azure Resource Manager (ARM) template.
To set up a managed identity in the portal, you first create an Azure load testing resource and then enable the feature.
In the Azure portal, go to your Azure load testing resource.
On the left pane, select Identity.
In the System assigned tab, switch Status to On, and then select Save.
On the confirmation window, select Yes to confirm the assignment of the managed identity.
After this operation completes, the page shows the Object ID of the managed identity, and lets you assign permissions to it.
Run the az load update command with --identity-type SystemAssigned to add a system-assigned identity to your load testing resource:
Azure CLI
az load update --name <load-testing-resource-name> --resource-group <group-name> --identity-type SystemAssigned
You can use an ARM template to automate the deployment of your Azure resources. For more information about using ARM templates with Azure Load Testing, see the Azure Load Testing ARM reference documentation.
You can assign a system-assigned managed identity when you create a resource of type Microsoft.LoadTestService/loadtests. Configure the identity property with the SystemAssigned value in the resource definition:
JSON
"identity": {
  "type": "SystemAssigned"
}
By adding the system-assigned identity type, you're telling Azure to create and manage the identity for your resource. For example, an Azure load testing resource might look like the following:
The tenantId property identifies which Microsoft Entra tenant the managed identity belongs to. The principalId is a unique identifier for the resource's new identity. Within Microsoft Entra ID, the service principal has the same name as the Azure load testing resource.
Assign a user-assigned identity to a load testing resource
Before you can add a user-assigned managed identity to an Azure load testing resource, you must first create this identity in Microsoft Entra ID. Then, you can assign the identity by using its resource identifier.
You can add multiple user-assigned managed identities to your resource. For example, if you need to access multiple Azure resources, you can grant different permissions to each of these identities.
In the Azure portal, go to your Azure load testing resource.
On the left pane, select Identity.
Select the User assigned tab, and select Add.
Search for and select the managed identity you created previously. Then, select Add to add it to the Azure load testing resource.
Create a user-assigned identity.
Azure CLI
az identity create --resource-group <group-name> --name <identity-name>
Run the az load update command with --identity-type UserAssigned to add a user-assigned identity to your load testing resource:
Azure CLI
az load update --name <load-testing-resource-name> --resource-group <group-name> --identity-type UserAssigned --user-assigned <identity-id>
You can create an Azure load testing resource by using an ARM template and the resource type Microsoft.LoadTestService/loadtests. For more information about using ARM templates with Azure Load Testing, see the Azure Load Testing ARM reference documentation.
The principalId is a unique identifier for the identity that's used for Microsoft Entra administration. The clientId is a unique identifier for the resource's new identity that's used for specifying which identity to use during runtime calls.
Configure target resource
You might need to configure the target resource to allow access from your load testing resource. For example, if you read a secret or certificate from Azure Key Vault, or if you use customer-managed keys for encryption, you must also add an access policy that includes the managed identity of your resource. Otherwise, your calls to Azure Key Vault are rejected, even if you use a valid token.
Similarly, if you want to set failure criteria on server metrics, you should specify a Metrics Reference Identity that is used to fetch those metrics. Configure the target resource so that this identity can read the metrics from the resource.
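The Key Vault access policy step described above can be scripted. The following is an added example, not part of the original article: it looks up the system-assigned identity of the load testing resource and grants it only the get permission on secrets. The function names and the three positional arguments are assumptions of this example; it covers secret reads only, and it stops without changing anything when the vault uses Azure RBAC, because access policies are not evaluated there.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Function names are illustrative.

# Print the principal (object) ID of the resource's system-assigned identity.
# Fails if the identity has not been enabled on the load testing resource.
get_principal_id() {
  local name="$1" rg="$2" pid
  pid="$(az load show --name "$name" --resource-group "$rg" \
    --query identity.principalId --output tsv)" || return 1
  if [ -z "$pid" ] || [ "$pid" = "None" ]; then
    echo "no system-assigned identity on $name" >&2
    return 1
  fi
  printf '%s\n' "$pid"
}

# Add an access policy with the single secret permission 'get': the identity
# can read a secret by name but cannot list, set, or delete secrets.
grant_secret_read() {
  local name="$1" rg="$2" vault="$3" pid rbac
  pid="$(get_principal_id "$name" "$rg")" || return 1
  rbac="$(az keyvault show --name "$vault" \
    --query properties.enableRbacAuthorization --output tsv)" || return 1
  case "$rbac" in
    true|True)
      # Access policies are ignored on a vault that uses Azure RBAC.
      echo "$vault uses Azure RBAC; assign a Key Vault role instead" >&2
      return 2 ;;
  esac
  az keyvault set-policy --name "$vault" --object-id "$pid" \
    --secret-permissions get --output none
}

# Usage: ./grant.sh <load-testing-resource-name> <group-name> <vault-name>
if [ "$#" -eq 3 ]; then
  grant_secret_read "$@"
fi
```

A return code of 2 means the vault is RBAC-enabled and no policy was written.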