Authorize request to Web PubSub resources with Microsoft Entra ID from managed identities

Azure Web PubSub Service supports Microsoft Entra ID for authorizing requests from managed identities.

This article shows how to configure your Web PubSub resource and codes to authorize the request to a Web PubSub resource from a managed identity.

Configure managed identities

The first step is to configure managed identities.

This is an example for configuring System-assigned managed identity on a Virtual Machine using the Azure portal.

  1. Open Azure portal, Search for and select a Virtual Machine.
  2. Under Settings section, select Identity.
  3. On the System assigned tab, toggle the Status to On. Screenshot of virtual machine - identity.
  4. Click the Save button to confirm the change.

How to create user-assigned managed identities

How to configure managed identities on other platforms

How to configure managed identities for App service and Azure Functions

Add role assignments on Azure portal

This sample shows how to assign a Web PubSub Service Owner role to a system-assigned identity over a Web PubSub resource.


A role can be assigned to any scope, including management group, subscription, resource group or a single resource. To learn more about scope, see Understand scope for Azure RBAC

  1. Open Azure portal, navigate to your Web PubSub resource.

  2. Click Access Control (IAM) to display access control settings for the Azure Web PubSub.

    The following shows an example of the Access control (IAM) page for a resource group.

  3. Click the Role assignments tab to view the role assignments at this scope.

    The following screenshot shows an example of the Access control (IAM) page for a Web PubSub resource.

    Screenshot of access control.

  4. Click Add > Add role assignment.

  5. On the Roles tab, select Web PubSub Service Owner.

  6. Click Next.

    Screenshot of adding role assignment.

  7. On the Members tab, under Assign access to section, select Managed identity.

  8. Click Select Members.

  9. In the Select managed identities pane, select System-assigned managed identity > Virtual machine

  10. Search for and select the virtual machine that you would like to assign the role to.

  11. Click Select to confirm the selection.

  12. Click Next.

    Screenshot of assigning role to managed identities.

  13. Click Review + assign to confirm the change.


Azure role assignments may take up to 30 minutes to propagate. To learn more about how to assign and manage Azure role assignments, see these articles:

Sample codes

We officially support 4 programming languages:

Next steps

See the following related articles: