
How to use managed identity with Azure OpenAI

Quick answer
Use the AzureOpenAI client with the azure_ad_token_provider parameter to authenticate via managed identity instead of an API key. This leverages Azure's managed identity service for secure, keyless access to the Azure OpenAI endpoint.

PREREQUISITES

  • Python 3.8+
  • Azure subscription with Azure OpenAI resource
  • Managed identity enabled on your Azure compute resource
  • pip install "openai>=1.0" azure-identity

Setup

Install the required Python packages and set environment variables for your Azure OpenAI endpoint and deployment name. Ensure your Azure resource has a managed identity enabled and granted access to the Azure OpenAI resource.

bash
pip install openai azure-identity

Step by step

This example shows how to use the AzureOpenAI client with managed identity authentication by passing an azure_ad_token_provider built from DefaultAzureCredential. Set the AZURE_OPENAI_ENDPOINT and AZURE_OPENAI_DEPLOYMENT environment variables to your Azure OpenAI endpoint and deployment name.

python
import os
from openai import AzureOpenAI
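from azure.identity import DefaultAzureCredential, get_bearer_token_provider

# azure_ad_token_provider must be a callable that returns a bearer token string,
# not the credential object itself. get_bearer_token_provider wraps the
# credential and requests tokens for the Azure Cognitive Services scope.
credential = DefaultAzureCredential()
token_provider = get_bearer_token_provider(
    credential, "https://cognitiveservices.azure.com/.default"
)

client = AzureOpenAI(
    azure_endpoint=os.environ["AZURE_OPENAI_ENDPOINT"],
    azure_ad_token_provider=token_provider,
    api_version="2024-02-01"
)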

response = client.chat.completions.create(
    model=os.environ["AZURE_OPENAI_DEPLOYMENT"],
    messages=[{"role": "user", "content": "Hello from managed identity!"}]
)

print(response.choices[0].message.content)
output
Hello from managed identity!

Common variations

  • Use other Azure AD credential classes like ManagedIdentityCredential if you want to specify a client ID.
  • Switch models by changing the deployment name in the model parameter.
  • Use async calls with asyncio and await if your environment supports it.
python
import os
import asyncio
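from openai import AsyncAzureOpenAI
from azure.identity.aio import DefaultAzureCredential, get_bearer_token_provider

async def main():
    # The async credential and token provider come from azure.identity.aio
    credential = DefaultAzureCredential()
    token_provider = get_bearer_token_provider(
        credential, "https://cognitiveservices.azure.com/.default"
    )
    # The async client is AsyncAzureOpenAI; openai>=1.0 has no acreate method
    client = AsyncAzureOpenAI(
        azure_endpoint=os.environ["AZURE_OPENAI_ENDPOINT"],
        azure_ad_token_provider=token_provider,
        api_version="2024-02-01"
    )

    response = await client.chat.completions.create(
        model=os.environ["AZURE_OPENAI_DEPLOYMENT"],
        messages=[{"role": "user", "content": "Async hello from managed identity!"}]
    )

    print(response.choices[0].message.content)

    # Release the credential's underlying HTTP transport
    await credential.close()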

asyncio.run(main())
output
Async hello from managed identity!

Troubleshooting

  • If you get authentication errors, verify your Azure resource has managed identity enabled and the identity has proper role assignments to access Azure OpenAI.
  • Ensure environment variables AZURE_OPENAI_ENDPOINT and AZURE_OPENAI_DEPLOYMENT are correctly set.
  • Check network connectivity to the Azure OpenAI endpoint.
  • Use DefaultAzureCredential logging to debug credential acquisition issues.
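
When chasing the authentication errors above, it helps to see which identity and audience the acquired token actually carries. The following is an added example, not code from the original page: describe_token and make_sample_token are hypothetical helpers, the sample token is constructed and unsigned, and the claim names (aud, tid, oid, exp, xms_mirid) are the ones assumed to appear in Microsoft Entra ID access tokens.

```python
import base64
import json
import time

# Audience expected for the https://cognitiveservices.azure.com/.default scope
EXPECTED_AUDIENCE = "https://cognitiveservices.azure.com"

def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def describe_token(token, now=None):
    """Decode a JWT's claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    aud = str(claims.get("aud", "")).rstrip("/")
    problems = []
    if aud != EXPECTED_AUDIENCE:
        problems.append(f"audience is {aud!r}, expected {EXPECTED_AUDIENCE!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return {
        "audience": aud,
        "tenant_id": claims.get("tid"),
        # Principal that needs the role assignment on the Azure OpenAI resource
        "object_id": claims.get("oid"),
        # Assumed claim: resource ID of the compute resource's managed identity
        "managed_identity_resource": claims.get("xms_mirid"),
        "problems": problems,
    }

def make_sample_token(claims):
    # Constructed, unsigned token for demonstration; not a real Entra ID token
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    sample = make_sample_token({
        "aud": "https://management.azure.com/",  # wrong audience on purpose
        "tid": "00000000-0000-0000-0000-0000000000aa",
        "oid": "00000000-0000-0000-0000-0000000000bb",
        "exp": 1_700_000_000,
    })
    print(json.dumps(describe_token(sample, now=1_700_000_600), indent=2))
```

On the compute resource itself, pass it credential.get_token("https://cognitiveservices.azure.com/.default").token; the object_id it reports is the principal whose role assignments you need to check.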

Key Takeaways

  • Use DefaultAzureCredential with AzureOpenAI for managed identity authentication.
  • Set azure_ad_token_provider instead of api_key to enable keyless access.
  • Ensure your Azure resource's managed identity has permission to the Azure OpenAI resource.
  • Async usage is supported with AsyncAzureOpenAI and azure.identity.aio credentials.
Verified 2026-04 · gpt-4o, AzureOpenAI