Can we Enable Managed Identity in Multiple Containers in Azure App Service

Arslan Zaheer 0 Reputation points
2024-03-25T11:00:14.9366667+00:00

We are currently leveraging a container registry for deploying code from Bitbucket to Azure app services within our infrastructure. In our pursuit to enhance our security measures, we are keen on enabling the system identity provider. However, we've encountered documentation suggesting that system identity isn't enabled for multiple containers.

Given this constraint, we are seeking alternatives to integrate system identities into our containers. Any insights or recommendations on this matter would be greatly appreciated.


2 answers

  1. Marcin Policht 10,675 Reputation points MVP
    2024-03-25T11:04:47.9533333+00:00

    The managed identity in App Service apps is enabled per App Service instance - not per container.

    You could potentially implement a custom solution to use a service principal that you define for each container, but this would require you to develop it programmatically.


    hth

    Marcin


  2. brtrach-MSFT 15,251 Reputation points Microsoft Employee
    2024-03-29T00:34:54.56+00:00

    @Arslan Zaheer Based on the error, it looks like the issue you are encountering is related to the credentials that are being used to authenticate with Azure. The error message suggests that the EnvironmentCredential, ManagedIdentityCredential, SharedTokenCacheCredential, AzureCliCredential, and AzurePowerShellCredential were all attempted, but none of them were able to retrieve a token.

    This error can occur if the credentials are not configured correctly or if there is an issue with the Azure environment. Here are a few things you can try to troubleshoot the issue:

    1. Verify that the environment variables are set correctly. The EnvironmentCredential requires the following environment variables to be set: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID. Make sure that these variables are set correctly and that the values are valid.
    2. Verify that the Managed Identity is enabled for the container. You can do this by checking the "Identity" section of the container in the Azure Portal. Make sure that the "Status" is set to "On" and that the "System assigned" option is selected.
    3. Check the logs for any additional error messages. You can view the logs for the container in the Azure Portal by going to the "Logs" section of the container.
    4. Try using a different credential type. For example, you could try using the DefaultAzureCredential with the Visual Studio Code extension for Azure Account, which provides a graphical interface for managing Azure credentials.

    Let us know the outcome of the above suggestions and if we can assist you further.

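The environment-variable check from the troubleshooting steps above can be run inside each container to see which credential types have anything to work with. This is an added example, not code from either answer or from Microsoft; `check_var`, `diagnose` and `SAMPLE_ENV` are hypothetical names, and it assumes App Service exposes the managed identity endpoint through `IDENTITY_ENDPOINT` and `IDENTITY_HEADER`, which the page does not mention.

```python
import os
import re

# Variables the answer above lists for EnvironmentCredential.
ENV_CRED_VARS = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
# Assumption (not on the page): App Service hands its managed identity token
# endpoint to the app through these two variables.
MI_VARS = ("IDENTITY_ENDPOINT", "IDENTITY_HEADER")
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample: a quoted client ID and a secret with a trailing newline,
# as left behind by a badly parsed env file. No real values.
SAMPLE_ENV = {
    "AZURE_TENANT_ID": "11111111-2222-3333-4444-555555555555",
    "AZURE_CLIENT_ID": "'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'",
    "AZURE_CLIENT_SECRET": "constructed-not-a-secret\n",
}


def check_var(name, value):
    """List the defects of one variable without ever echoing its value."""
    if value is None:
        return [f"{name} is not set"]
    if not value.strip():
        return [f"{name} is empty"]
    found = []
    if value != value.strip():
        found.append(f"{name} has leading or trailing whitespace")
    if value.strip()[0] in "\"'":
        found.append(f"{name} starts with a quote character")
    if name == "AZURE_CLIENT_ID" and not GUID.fullmatch(value.strip()):
        found.append(f"{name} is not a GUID")
    return found


def diagnose(env=None):
    """Report, per credential type, whether its variables are present and well formed."""
    env = os.environ if env is None else env
    report = {}
    for cred, names in (("EnvironmentCredential", ENV_CRED_VARS),
                        ("ManagedIdentityCredential", MI_VARS)):
        issues = [p for n in names for p in check_var(n, env.get(n))]
        report[cred] = {"configured": not issues, "issues": issues}
    return report


if __name__ == "__main__":
    for cred, result in diagnose().items():
        print(cred, "- variables look complete" if result["configured"] else "- cannot work:")
        for issue in result["issues"]:
            print("   ", issue)
```

The report names variables and defects only, so its output can be pasted into a support thread without leaking the client secret.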