You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
>For production applications, we recommend implementing Azure AD and Azure role-based access control (Azure RBAC). For an overview of Azure AD concepts, see [Authentication with Azure Maps](azure-maps-authentication.md).
30
+
>For production applications, we recommend implementing Azure AD and Azure role-based access control (Azure RBAC). For an overview of Azure AD concepts, see [Authentication with Azure Maps].
31
31
32
32
## Scenario: Shared key authentication with Azure Key Vault
33
33
34
-
Applications that use Shared Key authentication, should store the keys in a secure store. This scenario describes how to safely store your application key as a secret in Azure Key Vault. Instead of storing the shared key in application configuration, the application can retrieve the shared key as an Azure Key Vault secret. To simplify key regeneration, we recommend that applications use one key at a time. Applications can then regenerate the unused key and deploy the regenerated key to Azure Key Vault while still maintaining current connections with one key. To understand how to configure Azure Key Vault, see [Azure Key Vault developer guide](../key-vault/general/developers-guide.md).
34
+
Applications that use Shared Key authentication, should store the keys in a secure store. This scenario describes how to safely store your application key as a secret in Azure Key Vault. Instead of storing the shared key in application configuration, the application can retrieve the shared key as an Azure Key Vault secret. To simplify key regeneration, we recommend that applications use one key at a time. Applications can then regenerate the unused key and deploy the regenerated key to Azure Key Vault while still maintaining current connections with one key. To understand how to configure Azure Key Vault, see [Azure Key Vault developer guide].
35
35
36
36
>[!IMPORTANT]
37
37
>This scenario indirectly accesses Azure Active Directory through Azure Key Vault. However, we recommend that you use Azure AD authentication directly. Using Azure AD directly avoids the additional complexity and operational requirements of using shared key authentication and setting up Key Vault.
38
38
39
39
The following steps outline this process:
40
40
41
-
1.[Create an Azure Key Vault](../key-vault/general/quick-create-portal.md).
42
-
2. Create an [Azure AD service principal](../active-directory/fundamentals/service-accounts-principal.md) by creating an App registration or managed identity. The created principal is responsible for accessing the Azure Key Vault.
43
-
3. Assign the service principal access to Azure Key secrets `get` permission. For details about how to set permissions, see [Assign a Key Vault access policy using the Azure portal](../key-vault/general/assign-access-policy-portal.md).
41
+
1.[Create an Azure Key Vault].
42
+
2. Create an [Azure AD service principal] by creating an App registration or managed identity. The created principal is responsible for accessing the Azure Key Vault.
43
+
3. Assign the service principal access to Azure Key secrets `get` permission. For details about how to set permissions, see [Assign a Key Vault access policy using the Azure portal].
44
44
4. Temporarily assign access to secrets `set` permission for you as the developer.
45
45
5. Set the shared key in the Key Vault secrets and reference the secret ID as configuration for the daemon application.
46
46
6. Remove your secrets `set` permission.
@@ -77,11 +77,11 @@ When running on a non-Azure environment, managed identities aren't available. As
77
77
78
78
#### Create new application registration
79
79
80
-
If you've already created your application registration, go to [Assign delegated API permissions](#assign-delegated-api-permissions).
80
+
If you've already created your application registration, go to [Assign delegated API permissions].
81
81
82
82
To create a new application registration:
83
83
84
-
1. Sign in to the [Azure portal](https://portal.azure.com).
84
+
1. Sign in to the [Azure portal].
85
85
86
86
2. Select **Azure Active Directory**.
87
87
@@ -101,7 +101,7 @@ To create a new application registration:
101
101
102
102
To assign delegated API permissions to Azure Maps:
103
103
104
-
1. If you haven't done so already, sign in to the [Azure portal](https://portal.azure.com).
104
+
1. If you haven't done so already, sign in to the [Azure portal].
>To securely store the certificate or secret, see the [Azure Key Vault Developer Guide](../key-vault/general/developers-guide.md). You'll use this secret to get tokens from Azure AD.
177
+
>To securely store the certificate or secret, see the [Azure Key Vault developer guide]. You'll use this secret to get tokens from Azure AD.
178
178
179
179
[!INCLUDE [grant role-based access to users](./includes/grant-rbac-users.md)]
180
180
181
181
### Request a token with managed identity
182
182
183
-
After a managed identity is configured for the hosting resource, you can use Azure SDK or REST API to acquire a token for Azure Maps. To learn how to acquire an access token, see [Acquire an access token](../active-directory/managed-identities-azure-resources/how-to-use-vm-token.md).
183
+
After a managed identity is configured for the hosting resource, you can use Azure SDK or REST API to acquire a token for Azure Maps. To learn how to acquire an access token, see [Acquire an access token].
184
184
185
185
### Request token with application registration
186
186
187
187
After you register your app and associate it with Azure Maps, you'll need to request an access token.
188
188
189
189
To acquire the access token:
190
190
191
-
1. If you haven't done so already, sign in to the [Azure portal](https://portal.azure.com).
191
+
1. If you haven't done so already, sign in to the [Azure portal].
We'll use the [Postman](https://www.postman.com/) application to create the token request, but you can use a different API development environment.
203
+
We'll use the [Postman] application to create the token request, but you can use a different API development environment.
204
204
205
205
1. In the Postman app, select **New**.
206
206
@@ -229,18 +229,32 @@ We'll use the [Postman](https://www.postman.com/) application to create the toke
229
229
}
230
230
```
231
231
232
-
For more information about authentication flow, see [OAuth 2.0 client credentials flow on the Microsoft identity platform](../active-directory/develop/v2-oauth2-client-creds-grant-flow.md#first-case-access-token-request-with-a-shared-secret)
232
+
For more information about authentication flow, see [OAuth 2.0 client credentials flow on the Microsoft identity platform]
233
233
234
234
## Next steps
235
235
236
236
For more detailed examples:
237
237
> [!div class="nextstepaction"]
238
-
> [Authentication scenarios for Azure AD](../active-directory/develop/authentication-vs-authorization.md)
238
+
> [Authentication scenarios for Azure AD]
239
239
240
240
Find the API usage metrics for your Azure Maps account:
241
241
> [!div class="nextstepaction"]
242
-
> [View usage metrics](how-to-view-api-usage.md)
242
+
> [View usage metrics]
243
243
244
244
Explore samples that show how to integrate Azure AD with Azure Maps:
[Create an Azure Key Vault]: ../key-vault/general/quick-create-portal.md
258
+
[OAuth 2.0 client credentials flow on the Microsoft identity platform]: ../active-directory/develop/v2-oauth2-client-creds-grant-flow.md#first-case-access-token-request-with-a-shared-secret
0 commit comments