Use WIF with Microsoft Entra ID

Azure workloads authenticate to the Claude API by presenting a JSON Web Token (JWT) issued by Microsoft Entra ID, then exchanging it for a short-lived Anthropic access token. There are two common ways to obtain the Entra-issued token:

• Managed identity (VMs, App Service, Functions, Container Apps): The workload calls the Azure Instance Metadata Service (IMDS) at http://169.254.169.254/metadata/identity/oauth2/token and receives a JWT for its assigned identity.
• Entra Workload Identity (AKS pods): Kubernetes projects a service account token (signed by the AKS cluster's OIDC issuer) into the pod at the path in AZURE_FEDERATED_TOKEN_FILE. The workload exchanges that token at Entra for an Entra-issued access token.

In both cases the Entra-issued token you present to Anthropic carries a tenant-specific Entra issuer (the Configure Anthropic step shows the exact URL to register) and the managed identity's object ID in the sub and oid claims. You register that issuer with Anthropic once, write a federation rule that matches the expected claims, and your workload exchanges its Entra token for an sk-ant-oat01-... access token at runtime.



Prerequisites

• Familiarity with WIF concepts: service accounts, federation issuers, and federation rules.
• An Azure subscription with permission to assign managed identities (or configure Entra Workload Identity on AKS).
• Your Microsoft Entra tenant ID. Find it in the Azure portal under Microsoft Entra ID → Overview → Tenant ID.
• Permission to create service accounts, federation issuers, and federation rules in the Claude Console for your Anthropic organization.



Configure Azure

Set up the identity that Microsoft Entra ID will issue tokens for. Choose the path that matches where your workload runs.



Token claims

An Entra-issued token for a managed identity carries these claims (v2 token shown; see the Note under Configure Anthropic for how iss and aud differ in v1 tokens):

{
  "iss": "https://login.microsoftonline.com/<TENANT_ID>/v2.0",
  "sub": "9f8e7d6c-1a2b-3c4d-5e6f-...",
  "aud": "00000000-0000-0000-0000-000000000000",
  "oid": "9f8e7d6c-1a2b-3c4d-5e6f-...",
  "tid": "<TENANT_ID>",
  "azp": "<CLIENT_ID>",
  "exp": 1775527120
}

sub and oid are identical (the managed identity's object ID). azp is the application or client ID. The aud claim depends on the token version: v2 tokens carry your Entra application's client ID (a GUID); v1 tokens carry the requested resource identifier, which is whatever value you passed as resource when fetching the token (for example, https://api.anthropic.com). Match on oid to authorize one specific identity, or on azp to authorize any identity associated with an application registration. The tid claim repeats your tenant ID; matching on it is defense in depth, because the issuer URL already pins the tenant.



Configure Anthropic

In the Claude Console, open Settings → Workload identity, click Connect workload, and select the Microsoft Entra ID tile. The wizard walks you through registering the issuer, creating a service account, and creating a federation rule.

The wizard creates these resources for you. Use the following values whether you enter them in the wizard or send them to the Admin API:

Federation issuer: Entra publishes an OIDC discovery document at the per-tenant issuer URL, so use discovery mode. Each Microsoft Entra tenant you federate needs its own issuer record.

{
  "name": "azure-prod-tenant",
  "issuer_url": "https://login.microsoftonline.com/<TENANT_ID>/v2.0",
  "jwks": { "type": "discovery" }
}

Federation rule: Match on the managed identity's object ID and your tenant ID. For v2 tokens the audience value is your Entra application's client ID (a GUID); use the exact aud value from your decoded token.

{
  "name": "azure-inference-worker",
  "issuer_id": "fdis_...",
  "match": {
    "audience": "00000000-0000-0000-0000-000000000000",
    "claims": {
      "oid": "9f8e7d6c-1a2b-3c4d-5e6f-...",
      "tid": "<TENANT_ID>"
    }
  },
  "target": {
    "type": "service_account",
    "service_account_id": "svac_..."
  },
  "workspace_id": "wrkspc_...",
  "oauth_scope": "workspace:developer",
  "token_lifetime_seconds": 600
}



Acquire and use the token

At runtime your workload fetches its Entra token, exchanges it at POST /v1/oauth/token, and uses the returned bearer token to call Claude. Each Anthropic SDK handles the exchange and refresh loop when you supply a token-provider callable, as shown in the following examples. The cURL tab shows the raw flow.



On AKS with Entra Workload Identity

On AKS, the file at AZURE_FEDERATED_TOKEN_FILE is a Kubernetes-projected service account token signed by your cluster's OIDC issuer, not an Entra-issued token. To stay on the Entra-mediated path described on this page, exchange that token at https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token (federated client_credentials grant) first, then pass the resulting Entra access token to the Anthropic SDK as the identity token.

Alternatively, register your AKS cluster's OIDC issuer with Anthropic directly and skip the Entra hop. See Kubernetes for that pattern.



Verify the setup

From your Azure resource, run the cURL exchange shown earlier and confirm that POST /v1/oauth/token returns a 200 with an access_token beginning with sk-ant-oat01- and an expires_in value in seconds. On 400 invalid_grant, see Troubleshoot a failed exchange; the most common Azure-side cause is a mismatch between the issuer_url you registered and the iss claim in your decoded token. They must match exactly. For managed-identity tokens the iss value is either https://login.microsoftonline.com/<TENANT_ID>/v2.0 or https://sts.windows.net/<TENANT_ID>/.



Scope your rule

Lock the rule's match block to the narrowest scope that fits your use case:

• Match oid as an exact value: Set claims.oid to the managed identity's full object ID and never use subject_prefix for Entra tokens.
• Pin tid as defense in depth: The issuer URL already pins your tenant, but adding claims.tid guards against configuration drift if the issuer record is later edited.
• Pin the audience: Set audience to the exact aud value from your decoded token so tokens minted for other applications are rejected.
• Use a separate rule per managed identity: Create one rule per identity rather than one rule that authorizes several, so you can revoke a single workload's access without affecting others.



Next steps

• Review the full configuration model in Workload Identity Federation.
• See the provider guides for AWS, Google Cloud, GitHub Actions, and Kubernetes.
• For environment variables, profile files, and credential precedence, see the WIF reference.