Azure API Manager
Authentication-managed-identity policy Use the authentication-managed-identity policy to authenticate with a backend service using the managed identity. This policy essentially uses the managed identity to obtain an access token from Microsoft Entra ID for accessing the specified resource. After successfully obtaining the token, the policy will set the value of the token in the Authorization header using the Bearer scheme. API Management caches the token until it expires. Both system-assigned identity and any of the multiple user-assigned identities can be used to request a token. If client-id is not provided, system-assigned identity is assumed. If the client-id variable is provided, token is requested for that user-assigned identity from Microsoft Entra ID. <authentication-managed-identity resource="resource" client-id="clientid of user-assigned identity" output-token-variable-name="token-variable" ignore-error="true|false"/> resource :