Rather than creating a new user-assigned managed identity, could you use the system assigned identity of the function app itself?
Copilot tells me "Since your Function App already has a system-assigned identity enabled, you can absolutely use that for Easy Auth. You do not need to create a separate user-assigned identity if you don’t have a specific reason to. Using the function’s own system identity is a straightforward approach for the “use identity instead of secret” configuration."
But then I see "You can only use User-Assigned Managed Identities as a credential." in the following documentation https://learn.microsoft.com/en-us/entra/workload-id/workload-identity-federation-config-app-trust-managed-identity?tabs=microsoft-entra-admin-center%2Cdotnet#configure-a-federated-identity-credential-on-an-existing-application
I'm a little lost and don't understand it fully. Thanks for any explanation.