Azure / login

Connect to Azure


Support workload identity federation / login with (user) managed identities without explicit trust on self hosted runner on Azure

Hi-Fi opened this issue · comments

Currently the action always allows OIDC login against a service principal, and against managed identities only if those are connected to the runner VM (and the VM is running on Azure).

"Free" federation should technically also work fine, as Azure DevOps just published that a couple of weeks back (https://learn.microsoft.com/en-us/azure/devops/release-notes/2024/sprint-234-update), and managed identity federation already has a part for GitHub.

Are there any plans to add support, similar to the one that e.g. Google uses, to the Azure/login action as well?

Also, workflow identity federation is mentioned to work with GitHub without the need for self-hosted runners, but in the action documentation that kind of case doesn't sound possible (at here).

Hi @Hi-Fi ,

Could you double-check this section: https://github.com/Azure/login?tab=readme-ov-file#login-with-openid-connect-oidc-recommended. Is this what you want about "workflow identity federation"?

I don't quite get your question about "Google uses also to Azure/login action". Could you explain more about this? Do you mean you want to log in to Azure as a Google user, or something else?


I have to check that part; I somehow missed that, as the actual identity I use is a managed identity.