

Provision an agent in Azure Bot Service using Federated Credentials

This article shows how to register an agent with Azure AI Bot Service using Federated Credentials.

Note

Federated Credentials do not work for local debugging via devtunnels.

Create the resources

Create the Azure Bot resource. This allows you to register your agent with the Azure AI Bot Service.

  1. Go to the Azure portal.

  2. Create a User Assigned Managed Identity

    1. In the right pane, select Create a resource, then find and select User Assigned Managed Identity.

      Create User Assigned Managed Identity

    2. Select Create and supply the required information

      User Assigned Managed Identity Details

    3. Complete creation by selecting Create. When it's done, select Go to resource.

    4. Record the ClientId. This will be used later when setting up Federated Credentials on the App Registration.

      • This is also used when configuring the Agent settings, and is the FederatedClientId setting.
  3. Create the Azure Bot: In the right pane, select Create a resource.

  4. Find and select the Azure Bot card.

    Azure Bot Resource

  5. Select Create.

  6. Enter values in the required fields and review and update settings.

    a. Provide information under Project details. Select whether your agent will have global or local data residency. Currently, the local data residency feature is available for resources in the "westeurope" and "centralindia" regions. For more information, see Regionalization in Azure AI Bot Service.

    Azure Bot Settings

    b. Provide information under Microsoft App ID. Select how your agent identity will be managed in Azure and whether to create a new identity or use an existing one.

    Azure Bot Identity

  7. Select Review + create.

  8. If the validation passes, select Create.

  9. Once the deployment is completed, select Go to resource. You should see the agent and related resources listed in the resource group you selected.

  10. If this is a Teams or M365 agent:

    1. Select Settings on the left sidebar, then Channels.
    2. Select Microsoft Teams from the list and choose appropriate options.
  11. Select Settings, then Configuration

  12. Select Manage Password next to Microsoft App ID

    Azure Bot Configuration

  13. On the Overview pane, record the Application (client) ID and Directory (tenant) ID

    • This is used when configuring the Agent settings, and is the ClientId and TenantId settings.
  14. Select Certificates & secrets on the left, then Client secrets. If there is a secret listed, you can delete it. It will not be used.

  15. Select Federated credentials

  16. Click + Add credential

  17. Set credential properties

    Add Federated Credential

    1. Federated credential scenario: Managed Identity
    2. Click Select a managed identity and choose the User Assigned Managed Identity created above
    3. Set the Name, e.g. "agent"
    4. Click Add when done

Important

Store the App Registration ClientId and TenantId, and the ClientId of the Managed Identity. You need this information later when configuring your agent.
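
After completing the steps above, the App Registration should carry no client secret and exactly one federated credential, the one that trusts the managed identity. The following check is an added example, not part of the original article or Microsoft's code. It assumes the JSON field names returned by `az ad app show` and `az ad app federated-credential list`, and that a managed-identity credential uses the tenant's `https://login.microsoftonline.com/<tenant>/v2.0` issuer with the identity's object (principal) ID as subject; all GUIDs are constructed sample values.

```python
# Added example: audit an App Registration after the federated-credential setup.
EXPECTED_AUDIENCE = "api://AzureADTokenExchange"
TENANT_ID = "11111111-1111-1111-1111-111111111111"        # constructed
MI_PRINCIPAL_ID = "22222222-2222-2222-2222-222222222222"  # constructed


def audit_app_registration(app, federated_creds, tenant_id, mi_principal_id):
    """Return findings; an empty list means the registration matches the setup."""
    findings = []
    # The client secret is not used in this setup, so one that remains is an
    # unneeded long-lived credential.
    for secret in app.get("passwordCredentials", []):
        findings.append(f"client secret present: {secret.get('keyId')}")
    issuer = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    trusted = [c for c in federated_creds
               if c.get("subject", "").lower() == mi_principal_id.lower()]
    if not trusted:
        findings.append("no federated credential for the managed identity")
    for cred in trusted:
        name = cred.get("name")
        if cred.get("issuer", "").rstrip("/").lower() != issuer.lower():
            findings.append(f"{name}: unexpected issuer {cred.get('issuer')}")
        if cred.get("audiences") != [EXPECTED_AUDIENCE]:
            findings.append(f"{name}: unexpected audiences {cred.get('audiences')}")
    # Every other federated credential is an extra trust relationship to review.
    for cred in federated_creds:
        if cred not in trusted:
            findings.append(f"{cred.get('name')}: extra federated credential, "
                            f"subject {cred.get('subject')}")
    return findings


# Constructed sample data in the shape of the CLI output.
GOOD_APP = {"appId": "33333333-3333-3333-3333-333333333333",
            "passwordCredentials": []}
GOOD_CREDS = [{"name": "agent", "subject": MI_PRINCIPAL_ID,
               "issuer": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
               "audiences": [EXPECTED_AUDIENCE]}]
LEFTOVER_APP = {**GOOD_APP, "passwordCredentials": [
    {"keyId": "44444444-4444-4444-4444-444444444444", "displayName": "default"}]}
EXTRA_CREDS = GOOD_CREDS + [{"name": "ci", "issuer": "https://issuer.example",
                             "subject": "constructed-subject",
                             "audiences": [EXPECTED_AUDIENCE]}]

if __name__ == "__main__":
    for line in audit_app_registration(LEFTOVER_APP, EXTRA_CREDS,
                                       TENANT_ID, MI_PRINCIPAL_ID):
        print("FINDING:", line)
```
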
