Fixing AKS Workload Identity Login in Azure CLI – NillsF blog


I just spent 2 hours trying to figure out how to log into Azure CLI using workload identity, and I hope to document how to fix it very quickly.


The situation

You have an AKS cluster with workload identity set up, and while trying to log into Azure CLI with a federated identity, you get the following error:

kubectl exec -n $NAMESPACE $POD_NAME -- bash -c \
  "az login \
     --identity \
     --allow-no-subscriptions \
     --client-id \$AZURE_CLIENT_ID"
ERROR: Identity not found
Interactive authentication is needed. Please run:
az login
command terminated with exit code 1

The solution

To fix this, you need to log in as a service principal, passing the federated identity token from the file that's automatically mounted for you.

kubectl exec -n $NAMESPACE $POD_NAME -- bash -c \
  "az login \
     --service-principal \
     -u \$AZURE_CLIENT_ID \
     -t \$AZURE_TENANT_ID \
     --federated-token \$(cat /var/run/secrets/azure/tokens/azure-identity-token)"
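
If the login above still fails, it helps to look at the claims in the mounted token before handing it to `az login`. The following is an added example, not part of the original post: a small check meant to be run inside the pod that decodes the token payload and verifies audience, subject format and expiry. It assumes the default audience `api://AzureADTokenExchange` and the `AZURE_FEDERATED_TOKEN_FILE` variable injected by the workload identity webhook; the function names and the sample token are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): inspect the projected token before az login.
# AZURE_FEDERATED_TOKEN_FILE is set by the workload identity webhook; the fallback is the path used above.
TOKEN_FILE="${AZURE_FEDERATED_TOKEN_FILE:-/var/run/secrets/azure/tokens/azure-identity-token}"

# Decode the payload (second segment) of a JWT. This does not verify the signature.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops the padding; restore it to a multiple of 4 characters
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# Print the first value of a simple claim (string, number, or first array element).
jwt_claim() {
  printf '%s\n' "$1" | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\[\{0,1\}\"\{0,1\}\([^],\"}]*\).*/\1/p"
}

# check_token <jwt> <now-epoch>: succeed only if audience, subject and expiry look right.
check_token() {
  local payload aud sub exp
  payload=$(jwt_payload "$1") || { echo "token payload is not valid base64url"; return 1; }
  aud=$(jwt_claim "$payload" aud)
  sub=$(jwt_claim "$payload" sub)
  exp=$(jwt_claim "$payload" exp)
  [ "$aud" = "api://AzureADTokenExchange" ] || { echo "unexpected audience: $aud"; return 1; }
  case "$sub" in
    system:serviceaccount:*:*) ;;
    *) echo "unexpected subject: $sub"; return 1 ;;
  esac
  { [ -n "$exp" ] && [ "$exp" -gt "$2" ]; } || { echo "token expired or exp missing"; return 1; }
  echo "ok sub=$sub"
}

# Constructed sample token (unsigned, placeholder issuer) so the functions can be tried offline.
sample_token() {
  local body='{"aud":["api://AzureADTokenExchange"],"exp":'"$1"',"iss":"https://oidc.example.invalid/","sub":"system:serviceaccount:demo:workload-sa"}'
  printf 'e30.%s.sig' "$(printf '%s' "$body" | base64 | tr -d '=\n' | tr '/+' '_-')"
}

# Inside the pod: run the check against the mounted token.
if [ -r "$TOKEN_FILE" ]; then
  check_token "$(cat "$TOKEN_FILE")" "$(date +%s)"
fi
```

The subject printed by the check is the value the federated credential on the identity has to match.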

