This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 82%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Hi,
How to use external identity providers to authenticate to Azure kubernetes cluster..
For GKE cluster I follow link, https://cloud.google.com/kubernetes-engine/docs/how-to/oidc .. Its easy.. creating Clientconfig with IssuerURI as URL of external OIDC povider.
For EKS, Cluster I follow link, https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html .. Its easier by creating ClusterConfig and associating it.
But for Azure, I have not got any easy way to configure it.
Few articles suggest, federated approach.. few article suggest create b2c tenant and workflows. I am bit confused here.
Is there any easy way to associate external identity provide with Azure kubernetes cluster?
Thanks,
Rahul
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
@Rahul Katariya Checking in to see if the answer below helped.
If you have any questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.
Please don’t forget to Accept Answer and hit Yes for "was this answer helpful" wherever the information provided helps you. This can be beneficial to other community members for remediation for similar issues.
@Rahul Katariya Thanks for posting your query on Microsoft Q&A.
You can use Azure Active Directory (Azure AD) to authenticate users to your AKS cluster using OpenID Connect (OIDC). I think the flow should look like this - To configure OIDC authentication, you need to create an Azure AD application and configure it to use your external identity provider as an authentication source. Then, configure the AKS cluster to use the Azure AD application for OIDC authentication.
See Azure AD workload identity. This authentication method integrates with the Kubernetes native capabilities to federate with any external identity providers on behalf of the application.