Identity and access management for Python apps on Azure

Identity and access management for Python apps on Azure are fundamentally about the authentication of the identity of a user, group, application, or service and authorization of that identity to perform requested actions on Azure resources. There are different identity and access management options you can choose from depending on your application and security needs. This article provides links to resources to help you get started.

For an overview of authentication and authorization in Azure, see Recommendations for identity and access management.

Passwordless connections

Whenever possible, we recommend you use managed identities to simplify overall management and improve security. Specifically, use passwordless connections to avoid using embedding sensitive data such as passwords in code or environment variables.

• Overview: Passwordless connection for Azure services

• Authenticate Python Apps to Azure services using the Azure SDK for Python

• Use DefaultAzureCredential in an application

• Quickstart: Azure Blob Storage client library for Python with passwordless connections

• Quickstart: Send messages to and receive message from Azure Service Bus queues with passwordless connections

• Create and deploy a Flask web app to Azure with a system-assigned managed identity

• Create and deploy a Django web app to Azure with a user-assigned managed identity

The resources listed show how to use Azure Python SDK and passwordless connections with the DefaultAzureCredential. The DefaultAzureCredential is appropriate for most applications that will run in Azure because it combines common production credentials with development credentials.

Service Connector

Many Azure resources you're likely to use with to your Python apps enable the Service Connector service. Service Connector helps you configure network settings and connection information between Azure services such as App Service and Container Apps and other services such as storage or databases.

• Quickstart: Create a service connection in App Service from the Azure portal

• Tutorial: Using Service Connector to build a Django app with Postgres on Azure App Service

Key Vault

Using a key management solution like Azure Key Vault gives you more control but with an increase in management complexity.

• Quickstart: Azure Key Vault certificate client library for Python

• Quickstart: Azure Key Vault keys client library for Python

• Quickstart: Azure Key Vault secret client library for Python

Authentication and identity for signing in users in apps

You can build Python applications that enable your users and customers to sign in using their Microsoft identities or social accounts. Your app authorizes access to your own APIs or Microsoft APIs like Microsoft Graph.

• Quickstart: Sign in users and call the Microsoft Graph API from a Python web app

• Web app authentication topics

• Quickstart: Acquire a token and call Microsoft Graph from a Python daemon app

• Back-end service, daemon, and script authentication topics