Resource: azuread_application_federated_identity_credential

Manages a federated identity credential associated with an application within Azure Active Directory.

API Permissions

The following API permissions are required in order to use this resource.

When authenticated with a service principal, this resource requires one of the following application roles: Application.ReadWrite.OwnedBy or Application.ReadWrite.All.

When authenticated with a user principal, this resource requires one of the following directory roles: Application Administrator or Global Administrator.

Example Usage

resource "azuread_application_registration" "example" {
  display_name = "example"
}

resource "azuread_application_federated_identity_credential" "example" {
  application_id = azuread_application_registration.example.id
  display_name   = "my-repo-deploy"
  description    = "Deployments for my-repo"
  audiences      = ["api://AzureADTokenExchange"]
  issuer         = "https://token.actions.githubusercontent.com"
  subject        = "repo:my-organization/my-repo:environment:prod"
}
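The credential above admits only tokens whose claims match it, which is what scopes the trust to one repository and one environment. The following added Python illustration (not part of the provider documentation) models the rule Entra ID applies when it evaluates a federated identity credential: issuer and subject are compared exactly and the token's aud must appear in the audiences list. The claim sets are constructed samples shaped like GitHub Actions OIDC tokens for the example repository.

```python
"""Models how a federated identity credential (FIC) is matched against a
decoded GitHub OIDC token: issuer and subject compared exactly, aud must be
one of the configured audiences. All claim sets are constructed samples."""

from dataclasses import dataclass


@dataclass(frozen=True)
class FederatedCredential:
    display_name: str
    issuer: str
    subject: str
    audiences: tuple


# Mirrors the HCL example on this page.
PROD_DEPLOY = FederatedCredential(
    display_name="my-repo-deploy",
    issuer="https://token.actions.githubusercontent.com",
    subject="repo:my-organization/my-repo:environment:prod",
    audiences=("api://AzureADTokenExchange",),
)


def matches(cred: FederatedCredential, claims: dict) -> bool:
    """True if the decoded token claims satisfy the credential."""
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return (
        claims.get("iss") == cred.issuer
        and claims.get("sub") == cred.subject
        and any(a in cred.audiences for a in auds)
    )


def select_credential(creds, claims):
    """Display name of the first credential the token satisfies, else None."""
    for cred in creds:
        if matches(cred, claims):
            return cred.display_name
    return None


# Constructed claims: same repo, different GitHub job contexts.
PROD_ENV_JOB = {"iss": "https://token.actions.githubusercontent.com",
                "aud": "api://AzureADTokenExchange",
                "sub": "repo:my-organization/my-repo:environment:prod"}
FEATURE_BRANCH_JOB = {**PROD_ENV_JOB, "sub": "repo:my-organization/my-repo:ref:refs/heads/feature-x"}
PULL_REQUEST_JOB = {**PROD_ENV_JOB, "sub": "repo:my-organization/my-repo:pull_request"}
FORK_REPO_JOB = {**PROD_ENV_JOB, "sub": "repo:someone-else/my-repo:environment:prod"}
WRONG_AUDIENCE_JOB = {**PROD_ENV_JOB, "aud": "https://example.invalid"}
```

Only the job that ran in the prod environment of the named repository obtains the match; a feature branch, pull request, fork, or token minted for another audience does not, so a broader subject (a branch ref or a wildcard-like pattern) directly widens who can deploy.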

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to all arguments above, the following attributes are exported:

Import

Federated Identity Credentials can be imported using the object ID of the associated application and the ID of the federated identity credential, e.g.

terraform import azuread_application_federated_identity_credential.example 00000000-0000-0000-0000-000000000000/federatedIdentityCredential/11111111-1111-1111-1111-111111111111