Authenticate your Azure deployment workflow by using workload identities

Module
7 Units

Intermediate

Developer

Administrator

Solution Architect

Azure

Microsoft Entra ID

Azure Resource Manager

GitHub

Workload identities enable your deployment workflows to authenticate securely with Azure without you managing any passwords, keys, or secrets. In this module, you'll learn what workload identities are, how they work, and how to create them. You'll also learn how to grant them permission to your Azure resources so that your workflows can deploy your Bicep files.

Learning objectives

After completing this module, you'll be able to:

Explain what a workload identity is and describe three types of workload identities: service principals, managed identities, and federated credentials
Create a workload identity and link it to a GitHub Actions deployment workflow
Configure the appropriate authorization for a workload identity to deploy Azure resources

Prerequisites

You should be familiar with:

Creating and deploying basic Bicep files, including modules.
Azure, including the Azure portal, subscriptions, resource groups, and resource definitions.
Basic GitHub Actions workflows.

Introduction min
Understand workload identities min
Create a workload identity for a GitHub Actions workflow min
Grant a workload identity access to Azure min
Use a workload identity from a GitHub Actions workflow min
Knowledge check min
Summary min