Get rid of those pesky secrets for our ADO service connections with workload identity federation! Please make sure to read the description for the chapters and key information about this video and others. ⚠ P L E A S E N O T E ⚠ 🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there! 🕰 I don't discuss future content nor take requests for future content so please don't ask 😇 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. 👂 Translate the captions to your native language via the auto-translate feature in settings! kzbin.info/www/bejne/rGbFZmZjhcx4o6s for a demo of using this feature. Thanks for watching! 🤙

your videos are like movies, starts with the explanation of each components/characters and its role then assemble everything to make us understand how it works together. Explanation about managed identity vs work load identity towards the end is a perfect climax. Thanks for sharing us all the details you collected from various sources in a short video. you are an inspiration.

GCP guy here: Now that I’ve got this primer, I can more quickly translate some of my technobabble into technobabble that my Azure colleagues would understand (and vice versa). 😅 Just wanted to call that out; you’re doing an exceptional job explaining it vs. what I’ve seen in explainers on the GCP side. I’m already very familiar with the high-level/GCP specific details as well as much of the lower-level OIDC specific details, but I think you went the extra mile taking the time to really explain what it is. Sadly, developers can be easily put off and intimidated by the complexity of this alternative form of authentication, despite its greater security and convenience (more convenient assuming they’re doing proper key management…). So anything you can do to help increase understanding is a huge bonus for security!

Been waiting for this feature for so long! Thanks for the great deep dive explanation of how this all works 😊

I created my first one of these late last year. Now that you have made a video on it I will covert all my production ones to it. Haha. Seriously awesome not have expiring secrets.

Excellent video. Clearly explained and very fun to watch!

Thank you! Another amazing video with your easy to digest flow! :) P.S. Although I can get to do the SP myself, I kind of prefer to have it as a MI

You are great what an easy explanation of openid and oauth and how workload identity is utilising it. Thanks

As always great job, John!

Great video, John! Thank you ☁️

Thank you for this videos. Now it is more clear :)

Hey John. Thanks good video.

Excellent presentation as always! Learned a lot!

Just adding this note for anyone in the future. If you use the Workload Identity Federation (manual) option, you need to grant the permission "Microsoft.Resources/subscriptions/read" at the subscription level to the Managed Identity. Azure DevOps will give an error stating as much when you try to save the Service Connection.

Great video!

Hi John, great overview. I've already been working on writing new pipelines using workload identity. Besides the differences you outlined in the video, do you have any preferences for using managed identity vs. service principal for the service connnection?