Use managed identities for Azure Load Testing

This article shows how to create a managed identity for Azure Load Testing. You can use a managed identity to authenticate with and read secrets from Azure Key Vault.

A managed identity from Azure Active Directory (Azure AD) allows your load testing resource to easily access other Azure AD-protected resources, such as Azure Key Vault. The identity is managed by the Azure platform and doesn't require you to manage or rotate any secrets. For more information about managed identities in Azure AD, see Managed identities for Azure resources.

Azure Load Testing supports two types of identities:

  • A system-assigned identity is associated with your load testing resource and is deleted when your resource is deleted. A resource can only have one system-assigned identity.
  • A user-assigned identity is a standalone Azure resource that you can assign to your load testing resource. When you delete the load testing resource, the managed identity remains available. You can assign multiple user-assigned identities to the load testing resource.

Prerequisites

  • An Azure account with an active subscription. If you don't have an Azure subscription, create a free account before you begin.
  • An Azure load testing resource. If you need to create an Azure load testing resource, see the quickstart Create and run a load test.
  • To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.

Assign a system-assigned identity to a load testing resource

To assign a system-assigned identity for your Azure load testing resource, enable a property on the resource. You can set this property by using the Azure portal or by using an Azure Resource Manager (ARM) template.

To set up a managed identity in the portal, you first create an Azure load testing resource and then enable the feature.

  1. In the Azure portal, go to your Azure load testing resource.

  2. On the left pane, select Identity.

  3. Select the System assigned tab.

  4. Switch the Status to On, and then select Save.

    Screenshot that shows how to assign a system-assigned managed identity for Azure Load Testing in the Azure portal.

  5. On the confirmation window, select Yes to confirm the assignment of the managed identity.

  6. After assigning the managed identity finishes, the page will show the Object ID of the managed identity, and let you assign permissions to it.

    Screenshot that shows the system-assigned managed identity information for a load testing resource in the Azure portal.

You can now grant your load testing resource access to your Azure key vault.

Assign a user-assigned identity to a load testing resource

Before you can add a user-assigned managed identity to an Azure load testing resource, you must first create this identity in Azure AD. Then, you can assign the identity by using its resource identifier.

You can add multiple user-assigned managed identities to your resource. For example, if you need to access multiple Azure resources, you can grant different permissions to each of these identities.

  1. Create a user-assigned managed identity by following the instructions mentioned in Create a user-assigned managed identity.

    Screenshot that shows how to create a user-assigned managed identity in the Azure portal.

  2. In the Azure portal, go to your Azure load testing resource.

  3. On the left pane, select Identity.

  4. Select the User assigned tab, and select Add.

  5. Search and select the managed identity you created previously. Then, select Add to add it to the Azure load testing resource.

    Screenshot that shows how to turn on user-assigned managed identity for Azure Load Testing.

You can now grant your load testing resource access to your Azure key vault.

Grant access to your Azure key vault

Using managed identities for Azure resources, your Azure load testing resource can access tokens that enable authentication to your Azure key vault. Grant the managed identity access by assigning the appropriate role to the managed identity.

To grant your Azure load testing resource permissions to read secrets from your Azure key vault:

  1. In the Azure portal, go to your Azure key vault resource.

    If you don't have a key vault, follow the instructions in Azure Key Vault quickstart to create one.

  2. On the left pane, under Settings, select Access Policies, and then Add Access Policy.

  3. In the Secret permissions dropdown list, select Get.

    Screenshot that shows how to add an access policy to your Azure key vault.

  4. Select Select principal, and then select the system-assigned or user-assigned principal for your Azure load testing resource.

    If you're using a system-assigned managed identity, the name matches that of your Azure load testing resource.

  5. Select Add.

You've now granted access to your Azure load testing resource to read the secret values from your Azure key vault.

Next steps