Feature request: Use managed identity of the project (not AI Foundry) for authentication method defined in custom tool #260
Description
Current Behavior
When defining an action for an agent based on an OpenAPI specification, there are three authentication options available:
- anonymous,
- managed identity,
- connection.
Currently, when selecting "Managed Identity" the authorization header in requests contains the application ID of the AI Foundry rather than the specific project for which the agent action is being configured.
Expected Behavior
The managed identity authentication should use the project's identity instead of the AI Foundry identity.
Business Justification
In enterprise environments with multiple projects within AI Foundry, proper identity attribution is crucial for accountability, security and compliance reasons.
This is particularly important when integrating with external APIs through services like Azure API Management (APIM), where different projects may require different access permissions or rate limits.
Question
Is there currently a way to achieve project-scoped managed identity authentication, or is this feature planned for the roadmap?