Configure users of the developer portal to authenticate using usernames and passwords

In the developer portal for Azure API Management, the default authentication method for users is to provide a username and password. In this article, learn how to set up users with basic authentication credentials to the developer portal.

For an overview of options to secure the developer portal, see Authentication and authorization in API Management.

Prerequisites

Availability

Important

This feature is available in the Premium, Standard and Developer tiers of API Management.

Go to your API Management instance

  1. In the Azure portal, search for and select API Management services.

    Select API Management services

  2. On the API Management services page, select your API Management instance.

    Select your API Management instance

Confirm the username and password provider

By default, the username and password identity provider is enabled in the developer portal. To confirm this setting:

  1. In the left menu of your API Management instance, under Developer portal, select Identities.
  2. In the Provider type list, confirm that Username and password appears.

If the provider isn't already enabled, you can add it:

  1. In the left menu of your API Management instance, under Developer portal, select Identities > + Add.
  2. Under Type, select Username and password, and then select Add.

Add a username and password

There are two ways to add a username and password for authentication to the developer portal:

Note

API Management enforces password strength requirements including password length. When you add a user in the Azure portal, the password must be at least 6 characters long. When a developer signs up or resets a password through the developer portal, the password must be at least 8 characters long.

Delete the username and password provider

If you've configured another identity provider for the developer portal such as Azure AD or Azure AD B2C, you might want to delete the username and password provider.

Deleting the identity provider prevents adding users to use username and password authentication. Existing users configured for basic authentication are also prevented from signing into the developer portal.

  1. In the left menu of your API Management instance, under Developer portal, select Identities.
  2. In the Provider type list, select Username and password. In the context menu (...), select Delete.

Tip

If you want to disable all sign up or sign in functionality in the developer portal, see How do I disable sign up in the developer portal?

Next steps

For steps to add other identity providers for developer sign-up to the developer portal, see: