Manage authentication in Azure Maps
After you create an Azure Maps account, a client ID and keys are created to support Azure Active Directory (Azure AD) authentication and Shared Key authentication.
View authentication details
After you create an Azure Maps account, the primary and secondary keys are generated. We recommend that you use a primary key as a subscription key when you use Shared Key authentication to call Azure Maps. You can use a secondary key in scenarios such as rolling key changes. For more information, see Authentication in Azure Maps.
You can view your authentication details in the Azure portal. There, in your account, on the Settings menu, select Authentication.
Discover category and scenario
Depending on the application's needs, there are specific pathways to securing it. Azure AD defines categories to support a wide range of authentication flows. See application categories to understand which category the application fits.
Even if you use Shared Key authentication, understanding categories and scenarios helps you to secure the application.
Determine authentication and authorization
The following table outlines common authentication and authorization scenarios in Azure Maps. The table provides a comparison of the types of protection each scenario offers.
Microsoft recommends implementing Azure Active Directory (Azure AD) with Azure role-based access control (Azure RBAC) for production applications.
| Scenario | Authentication | Authorization | Development effort | Operational effort |
|---|---|---|---|---|
| Trusted daemon / non-interactive client application | Shared Key | N/A | Medium | High |
| Trusted daemon / non-interactive client application | Azure AD | High | Low | Medium |
| Web single page application with interactive single-sign-on | Azure AD | High | Medium | Medium |
| Web single page application with non-interactive sign-on | Azure AD | High | Medium | Medium |
| Web application with interactive single-sign-on | Azure AD | High | High | Medium |
| IoT device / input constrained device | Azure AD | High | Medium | Medium |
The links in the table take you to detailed configuration information for each scenario.
View role definitions
To view Azure roles that are available for Azure Maps, go to Access control (IAM). Select Roles, and then search for roles that begin with Azure Maps. These Azure Maps roles are the ones that you can assign to grant access.
View role assignments
To view users and apps that have been granted access for Azure Maps, go to Access control (IAM). There, select Role assignments, and then filter by Azure Maps.
Request tokens for Azure Maps
Request a token from the Azure AD token endpoint. In your Azure AD request, use the following details:
|Azure environment||Azure AD token endpoint||Azure resource ID|
|Azure public cloud||
|Azure Government cloud||
Manage and rotate shared keys
Your Azure Maps subscription keys are similar to a root password for your Azure Maps account. Always be careful to protect your subscription keys. Use Azure Key Vault to manage and rotate your keys securely. Avoid distributing access keys to other users, hard-coding them, or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they may have been compromised.
Microsoft recommends using Azure Active Directory (Azure AD) to authorize requests if possible, instead of Shared Key. Azure AD provides superior security and ease of use over Shared Key.
Manually rotate subscription keys
Microsoft recommends that you rotate your subscription keys periodically to help keep your Azure Maps account secure. If possible, use Azure Key Vault to manage your access keys. If you are not using Key Vault, you will need to rotate your keys manually.
Two subscription keys are assigned so that you can rotate your keys. Having two keys ensures that your application maintains access to Azure Maps throughout the process.
To rotate your Azure Maps subscription keys in the Azure portal:
- Update your application code to reference the secondary key for the Azure Maps account and deploy.
- Navigate to your Azure Maps account in the Azure portal.
- Under Settings, select Authentication.
- To regenerate the primary key for your Azure Maps account, select the Regenerate button next to the primary key.
- Update your application code to reference the new primary key and deploy.
- Regenerate the secondary key in the same manner.
Microsoft recommends using only one of the keys in all of your applications at the same time. If you use Key 1 in some places and Key 2 in others, you will not be able to rotate your keys without some applications losing access.
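The same rotation order, scripted with the Azure CLI instead of the portal, as an added example that is not part of the original page or Microsoft's own code. It assumes every application reads its key from a single Key Vault secret; the resource names passed in and the `wait_for_rollout` hook are hypothetical.

```sh
#!/bin/sh
# Added example, not Microsoft's code: rotate both Azure Maps shared keys in
# the order of the portal procedure, driving the Azure CLI instead.
# Assumption: every application reads its key from one Key Vault secret at
# runtime, so "update application code and deploy" becomes "update the secret".
set -eu

# Print one key of the Maps account.
get_key() {  # $1=resource group  $2=Maps account  $3=primaryKey|secondaryKey
  az maps account keys list --resource-group "$1" --name "$2" \
    --query "$3" --output tsv
}

# Store the key as a new secret version. The value travels through a temp file
# (mktemp creates it with mode 0600) so it never shows up in the process list.
publish_key() {  # $1=vault  $2=secret name  $3=key value
  local tmp rc=0
  tmp=$(mktemp)
  printf '%s' "$3" > "$tmp"
  az keyvault secret set --vault-name "$1" --name "$2" --file "$tmp" \
    --output none || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Hypothetical hook: wait until every consumer has loaded the new secret
# version. The fixed sleep stands in for a real readiness check.
wait_for_rollout() { sleep "${ROLLOUT_WAIT_SECONDS:-300}"; }

rotate_maps_keys() {  # $1=resource group  $2=Maps account  $3=vault  $4=secret
  local key
  # Move applications onto the secondary key before touching the primary.
  key=$(get_key "$1" "$2" secondaryKey) && [ -n "$key" ] ||
    { echo "cannot read secondary key, aborting" >&2; return 1; }
  publish_key "$3" "$4" "$key" || return 1
  wait_for_rollout
  # Regenerate the primary key; the old primary stops working here.
  az maps account keys renew --resource-group "$1" --name "$2" \
    --key primary --output none || return 1
  # Move applications onto the new primary key.
  key=$(get_key "$1" "$2" primaryKey) && [ -n "$key" ] ||
    { echo "cannot read primary key, aborting" >&2; return 1; }
  publish_key "$3" "$4" "$key" || return 1
  wait_for_rollout
  # Regenerate the secondary key so the interim key is retired as well.
  az maps account keys renew --resource-group "$1" --name "$2" \
    --key secondary --output none
}
```

After `az login`, call it as `rotate_maps_keys <resource-group> <maps-account> <vault> <secret-name>`. Each key is regenerated only after the secret already points at the other one, so a consumer that reloads the secret never holds an invalidated key.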
For more information, see Azure AD and Azure Maps Web SDK.
Find the API usage metrics for your Azure Maps account:
Explore samples that show how to integrate Azure AD with Azure Maps: