Maximum of 20 federated identity credentials per Azure AD Application/Managed identity #575

Open
aramase opened this issue Sep 28, 2022 · 7 comments

@aramase
Member

aramase commented Sep 28, 2022

xref: https://learn.microsoft.com/en-us/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-1.0#design-considerations

@danbrad

danbrad commented Oct 3, 2022

This document appears to imply that an AKS cluster can only have 20 federated identities per AKS cluster, is that correct?

https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview#limitations

Or, based on the document you linked above can we have as many managed identities as we like federated into AKS, but each of them can only have 20 federated credentials attached?

Thanks

@aramase
Member Author

aramase commented Oct 3, 2022

> Or, based on the document you linked above can we have as many managed identities as we like federated into AKS, but each of them can only have 20 federated credentials attached?

It's 20 federated credentials per Azure AD App/managed identity.

@danbrad

danbrad commented Oct 3, 2022

Great, thank you!

@pockyhe

pockyhe commented Mar 6, 2023

Hi @aramase We have the following question about this limitation:
For now, we have multiple (more than 20) namespaces in AKS. Within all of these namespaces, we need to access Azure resources. However, we hope to only assign credentials in a single 3rd party app. We don't want to create multiple 3rd party apps.
How can we achieve it?

@aramase
Member Author

aramase commented Mar 6, 2023

> Hi @aramase We have the following question about this limitation:
> For now, we have multiple (more than 20) namespaces in AKS. Within all of these namespaces, we need to access Azure resources. However, we hope to only assign credentials in a single 3rd party app. We don't want to create multiple 3rd party apps.
> How can we achieve it?

@pockyhe If you need to use the identity with more than 20 federated identity credentials, it is not possible because of this limitation. You'll need to create another identity.

In the future, this could be supported with wildcards in federated identity credentials. Could you add your scenario and details to this issue? This is a growing list of setups and requirements that the AAD team is looking at as part of supporting wildcards.

cc @udayxhegde
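
The workaround described above (another identity once one already holds 20 credentials), as an added example that is not part of the original thread or the project's code: a first-fit planner over `system:serviceaccount:<namespace>:<name>` subjects. The identity names, the `wi-extra` prefix and the sample inventory are constructed assumptions.

```python
from collections import Counter

MAX_FICS_PER_IDENTITY = 20  # limit discussed in this issue


def subject_for(namespace, service_account):
    """Subject claim of a Kubernetes service account token."""
    return f"system:serviceaccount:{namespace}:{service_account}"


def plan_placement(existing, wanted, new_prefix="wi-extra"):
    """Assign each wanted service account to an identity with headroom.

    existing: {identity name: [subjects already federated on it]}
    wanted:   [(namespace, service_account), ...]
    Returns ({subject: identity name}, [names of identities to create]).
    new_prefix is a hypothetical naming scheme for the extra identities.
    """
    used = {name: len(set(subjects)) for name, subjects in existing.items()}
    placed = {s: name for name, subjects in existing.items() for s in subjects}
    assignment, to_create = {}, []
    for namespace, sa in wanted:
        subject = subject_for(namespace, sa)
        if subject in placed:  # already federated: reuse, no new credential
            assignment[subject] = placed[subject]
            continue
        target = next((n for n, c in used.items() if c < MAX_FICS_PER_IDENTITY), None)
        if target is None:  # every identity is full: another identity is required
            target = f"{new_prefix}-{len(to_create) + 1}"
            to_create.append(target)
            used[target] = 0
        used[target] += 1
        placed[subject] = target
        assignment[subject] = target
    return assignment, to_create


# Constructed sample: one identity already holding 18 credentials,
# and 25 namespaces that each run a service account named "workload".
EXISTING = {"app-main": [subject_for(f"team-{i:02d}", "workload") for i in range(18)]}
WANTED = [(f"team-{i:02d}", "workload") for i in range(17, 42)]

if __name__ == "__main__":
    assignment, to_create = plan_placement(EXISTING, WANTED)
    for identity, count in Counter(assignment.values()).items():
        print(f"{identity}: {count} of the requested subjects")
    print("identities to create:", to_create)
```

Each service account's `azure.workload.identity/client-id` annotation then has to name the identity it was assigned to, and each identity needs only the role assignments its own namespaces require.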

@eyal-moscovici

Hi, the wildcard feature is delayed for 2 years already, can you please increase the limit to 200?

@MoussaBangre

Please increase this to 200. I do not really understand the reason for this limitation.
