Azure AD Dynamic Secrets

You can define an Azure AD dynamic secret to dynamically generate access credentials in one of two modes:

  1. Programmatic Access using a secret for a specific application.

  2. Portal Access using a username and password.


  • Azure AD Service Account:

To provide Akeyless Vault with access to Azure AD, create an Application Registration within your Microsoft Identity Platform. This registration serves as a service account that enables API calls from Akeyless Vault.

To create a Service Account in your Azure AD, follow this guide on how to create an Application Registration in Azure Active Directory, or follow this step-by-step guide.

The following permissions are required:

| Action | Required permissions |
| --- | --- |
| Create/Delete user | User.ReadWrite.All, Directory.ReadWrite.All |
| Add user to group | GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All |
| Add user role | |
| Create/Delete Application secret | Application.ReadWrite.OwnedBy, Application.ReadWrite.All |
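Before pointing a producer at the app registration, it is worth confirming that its service principal holds the Microsoft Graph application permissions listed above for the mode you intend to use, and nothing beyond them. The following is an added example (not Akeyless or Microsoft code) of such a pre-flight check. It works offline on two constructed JSON documents shaped like the Graph responses for `GET /servicePrincipals/{id}?$select=appRoles` (the Microsoft Graph service principal, which maps permission names to role ids) and `GET /servicePrincipals/{id}/appRoleAssignments` (the Akeyless app registration's service principal); the GUIDs are made up. It assumes each comma-separated list in the table is a set of alternatives, so one granted entry satisfies the action; "Add user role" is skipped because the page lists no permission for it.

```python
"""Pre-flight check of the Azure AD service account used by an Akeyless
Azure AD producer: which listed actions lack a granted Graph permission,
and which granted permissions no action in the chosen mode needs.
Added example, not Akeyless or Microsoft code."""
import json

# Permissions the page lists per action. Each list is treated as a set of
# alternatives (assumption): any one granted entry satisfies the action.
# "Add user role" is omitted because the page lists no permission for it.
REQUIRED = {
    "Create/Delete user": ["User.ReadWrite.All", "Directory.ReadWrite.All"],
    "Add user to group": ["GroupMember.ReadWrite.All", "Group.ReadWrite.All",
                          "Directory.ReadWrite.All"],
    "Create/Delete application secret": ["Application.ReadWrite.OwnedBy",
                                         "Application.ReadWrite.All"],
}

# Actions each producer mode relies on (assumption drawn from the page's
# description of Portal Access and Programmatic Access).
MODE_ACTIONS = {
    "portal": ["Create/Delete user", "Add user to group"],
    "programmatic": ["Create/Delete application secret"],
}

# Constructed sample of the Microsoft Graph service principal's appRoles:
# each entry maps a permission name ("value") to its role id. GUIDs are
# made up for this example.
GRAPH_SP_APPROLES = json.loads("""{
  "appRoles": [
    {"id": "11111111-0000-0000-0000-000000000001", "value": "User.ReadWrite.All"},
    {"id": "11111111-0000-0000-0000-000000000002", "value": "Directory.ReadWrite.All"},
    {"id": "11111111-0000-0000-0000-000000000003", "value": "GroupMember.ReadWrite.All"},
    {"id": "11111111-0000-0000-0000-000000000004", "value": "Application.ReadWrite.OwnedBy"},
    {"id": "11111111-0000-0000-0000-000000000005", "value": "Application.ReadWrite.All"},
    {"id": "11111111-0000-0000-0000-000000000006", "value": "Mail.ReadWrite"}
  ]}""")

# Constructed sample of the app registration service principal's
# appRoleAssignments (what the tenant has actually granted it).
OUR_SP_ASSIGNMENTS = json.loads("""{
  "value": [
    {"appRoleId": "11111111-0000-0000-0000-000000000001"},
    {"appRoleId": "11111111-0000-0000-0000-000000000004"},
    {"appRoleId": "11111111-0000-0000-0000-000000000006"}
  ]}""")


def granted_permissions(graph_sp, assignments):
    """Resolve assigned role ids to permission names via the Graph SP's appRoles.
    Role ids that do not belong to Microsoft Graph are ignored."""
    names = {role["id"]: role["value"] for role in graph_sp["appRoles"]}
    return {names[a["appRoleId"]] for a in assignments["value"]
            if a["appRoleId"] in names}


def check_mode(mode, granted):
    """Return (missing_actions, excess_permissions) for a producer mode.

    missing_actions: actions for which none of the listed permissions is granted.
    excess_permissions: granted Graph permissions that no action in this mode
    needs; the producer's service account should hold only what its mode uses.
    """
    actions = MODE_ACTIONS[mode]
    missing = [a for a in actions if not set(REQUIRED[a]) & granted]
    needed = {p for a in actions for p in REQUIRED[a]}
    excess = sorted(granted - needed)
    return missing, excess


if __name__ == "__main__":
    granted = granted_permissions(GRAPH_SP_APPROLES, OUR_SP_ASSIGNMENTS)
    for mode in MODE_ACTIONS:
        missing, excess = check_mode(mode, granted)
        print(f"{mode}: missing={missing or 'none'} excess={excess or 'none'}")
```

With the constructed sample, the portal mode is reported as missing a group permission while holding an application-secret permission it does not need, and the programmatic mode is complete but carries two unrelated permissions. On a real tenant, replace the two constants with the live Graph responses and run the check for the mode you configure below.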

Akeyless Configuration

In the Akeyless Gateway UI, select Dynamic Secrets > New > Cloud Producer > Azure AD Producer:

| Field | Description |
| --- | --- |
| | A unique name that describes the purpose or permissions scope of this dynamic secret. |
| | The path in Akeyless Vault in which to store this dynamic secret. |
| Azure Client ID (Application ID) | The Application ID. |
| Azure Tenant ID | Your Azure Tenant ID. |
| Azure Client Secret | Your Azure Client Secret. |
| Portal Access / Programmatic Access | Portal Access creates a new user and password. Programmatic Access creates a new secret for a specific application. |
| Principal Name (Portal Access) | Your Account Principal Name. |
| Azure User Group Object ID (Portal Access) | Object ID of the group to add the new user to (separate multiple values with a comma). |
| Azure User Roles Template ID (Portal Access) | Role Template ID to assign to the new user (separate multiple values with a comma). |
| Azure App Object ID (Programmatic Access) | Object ID of the application for which the secret is created. |

Once the Dynamic Secret has been created successfully, get the secret value from Akeyless Vault:

  1. Portal Access:

To access the Azure AD portal, sign in with the User Principal Name.

  2. Programmatic Access:

Use the Secret Text for programmatic access.
