# platform-toolbox
s
Hi everyone, how are you dealing with service-to-service authentication and authorization? Since we are building our platform on top of Azure and all our services are provisioned with a managed identity, we are thinking about utilizing Entra ID (formerly Active Directory) for authz. Anyone using that?
w
Hey @Stanislav Kurik, we are in a similar space but are going to evaluate Keycloak at some point. I would be interested in how it goes on your side 🙏
s
Hi @wayne, thanks for reaching out. We are currently evaluating the Entra ID approach and were able to put together a working PoC (including role-based authorization). We still don't know whether it's the way to go because Entra ID seems to be skewed towards interactive use cases and service-to-service auth feels like an afterthought. I also briefly looked at Keycloak and it certainly seems solid, but the necessity to operate it yourself put me off. Are you also running in Azure?
w
Yes, also running in Azure. We have a bit of a wall with 'IT' which makes changes within Azure Entra ID a difficult task. That's why operating Keycloak is an acceptable trade-off at the moment. We will do a PoC first though.