User Managed Identity Authentication Setup
User Managed Identity authentication eliminates the need for secrets or passwords. A managed identity is created alongside your bot and assigned to your compute resource (App Service, Container App, VM, etc.).
Prerequisites​
Before you begin, ensure you have:
- An Azure subscription
- Permissions to create App Registrations, Azure Bot Services, and manage identities
- A compute resource where your bot will be hosted (App Service, Container App, VM, etc.)
Setup Steps​
Step 1: Create Azure Bot with User Managed Identity​
When creating your Azure Bot Service, select User Managed Identity for the Type of App.
This will automatically create a User Managed Identity resource alongside your bot.
Step 2: Assign the Managed Identity to Your Compute Resource​
The User Managed Identity created with your bot must be assigned to the service running your application.
- Azure Portal
- Azure CLI
- Navigate to your compute resource (App Service, Container App, VM, etc.) in the Azure Portal
- Go to Identity section in the left menu
- Select the User assigned tab
- Click Add
- Select the User Managed Identity that was created with your Azure Bot
- Click Add to confirm
# Assign user managed identity to your compute resource
# Example for App Service:
az webapp identity assign \
--name $APP_NAME \
--resource-group $RESOURCE_GROUP \
--identities $MANAGED_IDENTITY_RESOURCE_ID
# Example for Container App:
az containerapp identity assign \
--name $APP_NAME \
--resource-group $RESOURCE_GROUP \
--user-assigned $MANAGED_IDENTITY_RESOURCE_ID
Next Steps​
After completing the Azure setup, configure your application code with the appropriate environment variables. See the App Authentication Essentials Guide for details.