AKS Learn feedback: missing audience in federated id

[provMichaelGugino]

Type of issue

Missing information

Feedback

Code block:

export FEDERATED_IDENTITY_NAME="aksfederatedidentity" # can be changed as needed

az identity federated-credential create --name $FEDERATED_IDENTITY_NAME --identity-name $UAMI --resource-group $RESOURCE_GROUP --issuer ${AKS_OIDC_ISSUER} --subject system:serviceaccount:${SERVICE_ACCOUNT_NAMESPACE}:${SERVICE_ACCOUNT_NAME}

Should include audiences flag. While an optional parameter, it's not really optional. It should be set to "api://AzureADTokenExchange"

Page URL

https://learn.microsoft.com/en-us/azure/aks/csi-secrets-store-identity-access

Content source URL

https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/aks/csi-secrets-store-identity-access.md

Author

@Nickomang

Document Id

f553a5a4-a20f-8efd-3712-e64112c35676

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: ec9ff712-aa4c-4e95-ba96-2405010d9f83
• Version Independent ID: f553a5a4-a20f-8efd-3712-e64112c35676
• Content: Access Azure Key Vault with the CSI Driver Identity Provider - Azure Kubernetes Service
• Content Source: articles/aks/csi-secrets-store-identity-access.md
• Service: azure-kubernetes-service
• Sub-service: aks-security
• GitHub Login: @Nickomang
• Microsoft Alias: nickoman

[TPavanBalaji]

@provMichaelGugino
Thanks for your feedback! We will investigate and update as appropriate.

[ManoharLakkoju-MSFT]

@provMichaelGugino
Thank you for bringing this to our attention.
I've delegated this to content author @Nickomang, who will review it and offer their insightful opinions.