Authenticate your Azure deployment workflow by using workload identities

Solution Architect
Microsoft Entra ID
Azure Resource Manager

Workload identities enable your deployment workflows to authenticate securely with Azure without you managing any passwords, keys, or secrets. In this module, you'll learn what workload identities are, how they work, and how to create them. You'll also learn how to grant them permission to your Azure resources so that your workflows can deploy your Bicep files.

Learning objectives

After completing this module, you'll be able to:

  • Explain what a workload identity is and describe three types of workload identities: service principals, managed identities, and federated credentials
  • Create a workload identity and link it to a GitHub Actions deployment workflow
  • Configure the appropriate authorization for a workload identity to deploy Azure resources


You should be familiar with:

  • Creating and deploying basic Bicep files, including modules.
  • Azure, including the Azure portal, subscriptions, resource groups, and resource definitions.
  • Basic GitHub Actions workflows.