Day 77 - Connect to Microsoft Graph in Azure DevOps using Workload Identity Federation - Jan Vidar Elven
This note accompanies my contribution to the 2024 edition of 90DaysOfDevOps, which consists of:
- A video: Link
- A presentation deck for reference: Link
- This markdown file and a summary below, and a blog post where I have more details.
What is Workload Identity Federation?
WIF is..
What are Service Connections?
Service Connections..
About Microsoft APIs protected by Entra ID
Microsoft have several well-known APIs that support OIDC (OpenID Connect) and OAuth2 for authentication and authorization, such as the Azure Resource Manager REST API, the Microsoft Graph API and the Key Vault API, to name a few.
In addition, you can create, expose and protect your own APIs via App Registrations, so there are a lot of usage scenarios.
All these Microsoft APIs can be accessed securely and without secrets using Workload Identity Federation and Service Connections in Azure DevOps.
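As an added illustration (not taken from the video, the deck or the blog post), a pipeline step can request a Microsoft Graph token through a federated service connection without any stored secret. The service connection name `sc-graph-wif` is a placeholder, and the example assumes the connection's identity has been granted the `Application.Read.All` application permission on Microsoft Graph.

```yaml
# Added example, not part of the original note. Placeholder names are marked below.
trigger: none

pool:
  vmImage: ubuntu-latest

steps:
  - task: AzureCLI@2
    displayName: Call Microsoft Graph with a federated identity
    inputs:
      # Placeholder name: an Azure Resource Manager service connection
      # configured for workload identity federation (no client secret).
      azureSubscription: sc-graph-wif
      scriptType: bash
      scriptLocation: inlineScript
      inlineScript: |
        set -euo pipefail

        # The task has already signed in to Azure CLI using the pipeline's
        # OIDC token, so no secret is read from a variable or a vault here.
        token=$(az account get-access-token \
          --resource-type ms-graph \
          --query accessToken -o tsv)

        # Register the short-lived token as a secret so it is masked in logs.
        echo "##vso[task.setsecret]$token"

        # Assumption: the identity holds Application.Read.All on Microsoft Graph.
        # --fail makes the step fail on 401/403 instead of passing silently.
        curl --silent --show-error --fail \
          -H "Authorization: Bearer $token" \
          "https://graph.microsoft.com/v1.0/applications?\$select=displayName,appId&\$top=5"
```

A 403 from the last call means the sign-in worked but the Graph permission has not been granted or admin-consented for the identity behind the service connection.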
Blog post
Here is a previous blog post I published that shows the details of how to set this up:
About me
I'm Jan Vidar Elven, and I work as a Senior Architect at Evidi AS in Norway. I'm a Microsoft Security MVP and specialize in Microsoft Entra, IAM (Identity Access Management), IGA (Identity Governance & Administration), Security, Cloud Platform solutions using Microsoft Azure, and DevOps.
Connect with me at: