How to use Managed Identity with Azure Communication Services

Azure Communication Services is a fully managed communication platform that enables developers to build real-time communication features into their applications. By using Managed Identity with Azure Communication Services, you can simplify the authentication process for your application, while also increasing its security. This document covers how to use Managed Identity with Azure Communication Services.

Using Managed Identity with Azure Communication Services

Azure Communication Services supports using Managed Identity to authenticate with the service. By using Managed Identity, you can eliminate the need to manage your own access tokens and credentials.

Your Azure Communication Services resource can be assigned two types of identity:

1. A System Assigned Identity which is tied to your resource and is deleted when your resource is deleted. Your resource can only have one system-assigned identity.
2. A User Assigned Identity which is an Azure resource that can be assigned to your Azure Communication Services resource. This identity isn't deleted when your resource is deleted. Your resource can have multiple user-assigned identities.

To use Managed Identity with Azure Communication Services, follow these steps:

1. Grant your Managed Identity access to the Communication Services resource. This assignment can be through the Azure portal, Azure CLI and the Azure Communication Management SDKs.
2. Use the Managed Identity to authenticate with Azure Communication Services. Authentication can be done through the Azure SDKs or REST APIs that support Managed Identity.

---

Add a system-assigned identity

Azure portal

1. In the left navigation of your app's page, scroll down to the Settings group.

2. Select Identity.

3. Within the System assigned tab, switch Status to On. Select Save.

Azure CLI

Run the az communication identity assign command to assign a system-assigned identity:

az communication identity assign --system-assigned --name myApp --resource-group myResourceGroup

Add a user-assigned identity

Assigning a user-assigned identity to your Azure Communication Services resource requires that you first create the identity and then add its resource identifier to your Communication service resource.

Azure portal

First, you need to create a user-assigned managed identity resource.

1. Create a user-assigned managed identity resource according to these instructions.

2. In the left navigation for your app's page, scroll down to the Settings group.

3. Select Identity.

4. Select User assigned > Add.

5. Search for the identity you created earlier, select it, and select Add.

Azure CLI

1. Create a user-assigned identity.

   az identity create --resource-group <group-name> --name <identity-name>
   

2. Run the az communication identity assign command to assign a user-assigned identity:

az communication identity assign --name myApp --resource-group myResourceGroup --user-assigned <identity-id>

Managed Identity using Azure Communication Services management SDKs

Managed Identity can also be assigned to your Azure Communication Services resource using the Azure Communication Management SDKs. This assignment can be achieved by introducing the identity property in the resource definition either on creation or when updating the resource.

.NET

You can assign your managed identity to your Azure Communication Services resource using the Azure Communication Management SDK for .NET by setting the Identity property on the CommunicationServiceResourceData .

For example:

public async Task CreateResourceWithSystemAssignedManagedIdentity()
{
    ArmClient armClient = new ArmClient(new DefaultAzureCredential());
    SubscriptionResource subscription = await armClient.GetDefaultSubscriptionAsync();

    //Create Resource group
    ResourceGroupCollection rgCollection = subscription.GetResourceGroups();
    // With the collection, we can create a new resource group with an specific name
    string rgName = "myRgName";
    AzureLocation location = AzureLocation.WestUS2;
    ArmOperation<ResourceGroupResource> lro = await rgCollection.CreateOrUpdateAsync(WaitUntil.Completed, rgName, new ResourceGroupData(location));
    ResourceGroupResource resourceGroup = lro.Value;

    // get resource group collection
    CommunicationServiceResourceCollection collection = resourceGroup.GetCommunicationServiceResources();
    string communicationServiceName = "myCommunicationService";
    
    // Create Communication Service Resource
    var identity = new ManagedServiceIdentity(ManagedServiceIdentityType.SystemAssigned);
    CommunicationServiceResourceData data = new CommunicationServiceResourceData("global")
    {
        DataLocation = "UnitedStates",
        Identity = identity
    };
    var communicationServiceLro = await collection.CreateOrUpdateAsync(WaitUntil.Completed, communicationServiceName, data);
    var resource = communicationServiceLro.Value;
}

For more information on using the .NET Management SDK, see Azure Communication Management SDK for .NET.

For more information specific to managing your resource instance, see Managing your Communication Service Resource instance

JavaScript

For Node.js apps and JavaScript functions, samples on how to create or update your Azure Communication Services resource with a managed identity can be found in the Azure Communication Management Developer Samples for JavaScript

For more information on using the JavaScript Management SDK, see Azure Communication Management SDK for JavaScript

Python

For Python apps and functions, Code Samples on how to create or update your Azure Communication Services resource with a managed identity can be found in the Azure Communication Management Developer Samples for Python

For more information on using the python Management SDK, see Azure Communication Management SDK for Python

Java

For Java apps and functions, Code Samples on how to create or update your Azure Communication Services resource with a managed identity can be found in the Azure Communication Management Developer Samples for Java.

For more information on using the java Management SDK, see Azure Communication Management SDK for Java

GoLang

For Golang apps and functions, Code Samples on how to create or update your Azure Communication Services resource with a managed identity can be found in the Azure Communication Management Developer Samples for Golang.

For more information on using the golang Management SDK, see Azure Communication Management SDK for Golang

Note

A resource can have both system-assigned and user-assigned identities at the same time. In this case, the type property would be SystemAssigned,UserAssigned.

Removing all managed identity assignments from a resource can also be acheived by specifying the type property as None.

Next steps

Now that you have learned how to enable Managed Identity with Azure Communication Services. Consider implementing this feature in your own applications to simplify your authentication process and improve security.

• Managed Identities
• Manage user-assigned managed identities