From eab62a6208c75b2a73c904302c530c7a2c6cf208 Mon Sep 17 00:00:00 2001
From: Charles Lowell <chlowe@microsoft.com>
Date: Mon, 23 Aug 2021 16:04:05 -0700
Subject: [PATCH] Add Cloud Configuration section to Identity readme (#20373)

---
 sdk/identity/azure-identity/README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/sdk/identity/azure-identity/README.md b/sdk/identity/azure-identity/README.md
index 2cf65d4a99bb..0f3c12139e16 100644
--- a/sdk/identity/azure-identity/README.md
+++ b/sdk/identity/azure-identity/README.md
@@ -220,6 +220,22 @@ default_credential = DefaultAzureCredential()
 client = SecretClient("https://my-vault.vault.azure.net", default_credential)
 ```
 
+## Cloud Configuration
+Credentials default to authenticating to the Azure Active Directory endpoint for
+Azure Public Cloud. To access resources in other clouds, such as Azure Government
+or a private cloud, configure credentials with the `authority` argument.
+[AzureAuthorityHosts](https://aka.ms/azsdk/python/identity/docs#azure.identity.AzureAuthorityHosts)
+defines authorities for well-known clouds:
+```py
+from azure.identity import AzureAuthorityHosts
+
+DefaultAzureCredential(authority=AzureAuthorityHosts.AZURE_GOVERNMENT)
+```
+Not all credentials require this configuration. Credentials which authenticate
+through a development tool, such as `AzureCliCredential`, use that tool's
+configuration. Similarly, `VisualStudioCodeCredential` accepts an `authority`
+argument but defaults to the authority matching VS Code's "Azure: Cloud" setting.
+
 ## Credential Classes
 
 ### Authenticating Azure Hosted Applications