You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/api-management/backends.md
+12-1Lines changed: 12 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -54,11 +54,22 @@ To create a backend in the portal:
54
54
1. Under **Advanced**, optionally disable certificate chain or certificate name validation for the backend.
55
55
1. Under **Add this backend service to a backend pool**, optionally select or create a [load-balanced pool](#load-balanced-pool) for the backend.
56
56
1. Under **Circuit breaker rule**, optionally configure a [circuit breaker](#circuit-breaker) for the backend.
57
-
1. Under **Authorization credentials**, optionally configure credentials to authorize access to the backend. Options include a request header, query parameter, [client certificate](api-management-howto-mutual-certificates-for-clients.md), or system-assigned or user-assigned [managed identity](api-management-howto-use-managed-service-identity.md) configured in the API Management instance.
57
+
1. Under **Authorization credentials**, optionally configure credentials to authorize access to the backend. Options include a request header, query parameter, [client certificate](api-management-howto-mutual-certificates-for-clients.md), or system-assigned or user-assigned [managed identity](#configure-managed-identity-for-authorization-credentials) configured in the API Management instance.
58
58
1. Select **Create**.
59
59
60
60
After creating a backend, you can update the backend settings at any time. For example, add a circuit breaker rule, change the runtime URL, or add authorization credentials.
61
61
62
+
### Configure managed identity for authorization credentials
63
+
64
+
You can use a system-assigned or user-assigned [managed identity](api-management-howto-use-managed-service-identity.md) configured in the API Management instance to authorize access to the backend service. To configure a managed identity for authorization credentials, do the following:
65
+
66
+
1. In the **Authorization credentials** section of the backend configuration, select the **Managed identity** tab, and select **Enable**.
67
+
1. In **Client identity**, select either **System assigned identity** or a user-assigned identity that is configured in your instance.
68
+
1. In **Resource ID**, enter a target Azure service or the application ID of your own Microsoft Entra application representing the backend. Example: `https://cognitiveservices.azure.com` for Azure OpenAI service.
69
+
70
+
For more examples, see the [authentication-managed-identity](authentication-managed-identity-policy.md) policy reference.
71
+
1. Select **Create**.
72
+
62
73
## Reference backend using set-backend-service policy
63
74
64
75
After creating a backend, you can reference the backend identifier (name) in your APIs. Use the [`set-backend-service`](set-backend-service-policy.md) policy to direct an incoming API request to the backend. If you already configured a backend web service for an API, you can use the `set-backend-service` policy to redirect the request to a backend entity instead. For example:
0 commit comments