diff --git a/charts/cert-manager-config/templates/cluster-issuer-private.yaml b/charts/cert-manager-config/templates/cluster-issuer-private.yaml
index 78820b0..21146f8 100644
--- a/charts/cert-manager-config/templates/cluster-issuer-private.yaml
+++ b/charts/cert-manager-config/templates/cluster-issuer-private.yaml
@@ -20,14 +20,20 @@ spec:
 project: "{{ .Values.gcp.projectId }}"
 {{- else if eq .Values.cloudProvider "azure" }}
 azureDNS:
- clientID: {{ .Values.azure.clientID }}
 subscriptionID: {{ .Values.azure.subscriptionID }}
- tenantID: {{ .Values.azure.tenantID }}
 resourceGroupName: {{ .Values.azure.resourceGroupName }}
 hostedZoneName: {{ .Values.azure.hostedZoneName }}
 environment: AzurePublicCloud
- config:
- useWorkloadIdentityExtension: true
+ {{- if .Values.azure.useWorkloadIdentity }}
+ managedIdentity:
+ clientID: {{ required "azure.clientID is required" .Values.azure.clientID | quote }}
+ {{- else }}
+ tenantID: {{ required "azure.tenantID is required" .Values.azure.tenantID | quote }}
+ clientID: {{ required "azure.clientID is required" .Values.azure.clientID | quote }}
+ clientSecretSecretRef:
+ name: {{ required "azure.clientSecret.secretName is required" .Values.azure.clientSecret.secretName | quote }}
+ key: {{ .Values.azure.clientSecret.secretKey | default "client-secret" | quote }}
+ {{- end }}
 {{- else if eq .Values.cloudProvider "cloudflare" }}
 cloudflare:
 apiTokenSecretRef:
diff --git a/charts/cert-manager-config/templates/cluster-issuer-public.yaml b/charts/cert-manager-config/templates/cluster-issuer-public.yaml
index f18c3bb..4c5033a 100644
--- a/charts/cert-manager-config/templates/cluster-issuer-public.yaml
+++ b/charts/cert-manager-config/templates/cluster-issuer-public.yaml
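Review bot: The `{{- else }}` branch of the azureDNS solver brings back a static service-principal credential through `clientSecretSecretRef`, and nothing in the hunk says where that Secret has to live or that the chart expects it to exist already. If these templates render ClusterIssuers, as the file names suggest (the `kind` is outside the hunk), cert-manager resolves the reference in its cluster resource namespace, so I would add a template comment above the branch such as `{{- /* Fallback only: the Secret must already exist in cert-manager's cluster resource namespace; prefer azure.useWorkloadIdentity to avoid a long-lived secret */}}`. The identical block is added to cluster-issuer-public.yaml, so the same comment belongs there, and a single named template used from both files would keep the two issuers from drifting apart. The solver mapping begins and ends outside the hunk.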
@@ -23,8 +23,16 @@ spec:
 resourceGroupName: {{ required "azure.resourceGroupName is required" .Values.azure.resourceGroupName | quote }}
 hostedZoneName: {{ .Values.hostedZoneName }}
 environment: AzurePublicCloud
- config:
- useWorkloadIdentityExtension: true
+ {{- if .Values.azure.useWorkloadIdentity }}
+ managedIdentity:
+ clientID: {{ required "azure.clientID is required" .Values.azure.clientID | quote }}
+ {{- else }}
+ tenantID: {{ required "azure.tenantID is required" .Values.azure.tenantID | quote }}
+ clientID: {{ required "azure.clientID is required" .Values.azure.clientID | quote }}
+ clientSecretSecretRef:
+ name: {{ required "azure.clientSecret.secretName is required" .Values.azure.clientSecret.secretName | quote }}
+ key: {{ .Values.azure.clientSecret.secretKey | default "client-secret" | quote }}
+ {{- end }}
 {{- else if eq .Values.cloudProvider "cloudflare" }}
 cloudflare:
 apiTokenSecretRef:
diff --git a/charts/cert-manager-config/values.yaml b/charts/cert-manager-config/values.yaml
index f80642c..c6d8a0b 100644
--- a/charts/cert-manager-config/values.yaml
+++ b/charts/cert-manager-config/values.yaml
@@ -12,6 +12,10 @@ azure:
 clientID: ""
 tenantID: ""
 hostedZoneName: ""
+ useWorkloadIdentity: true
+ clientSecret:
+ secretName: ""
+ secretKey: "client-secret"
 cloudflare:
 secretName: "cloudflare-api-token-secret"
 apiToken: ""
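Review bot: `hostedZoneName: {{ .Values.hostedZoneName }}` is left unquoted and unchecked directly above the new block, and it reads a top-level value while the private issuer reads `.Values.azure.hostedZoneName` and values.yaml in this commit lists `hostedZoneName` under `azure:`. If no top-level `hostedZoneName` is defined elsewhere in values.yaml (not visible here), the field renders empty and the problem only surfaces when cert-manager processes the issuer rather than at `helm template` time. Assuming the top-level key is intended, bringing the line in step with its neighbours would be `hostedZoneName: {{ required "hostedZoneName is required" .Values.hostedZoneName | quote }}`. The solver mapping continues outside the hunk.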
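Review bot: The four new keys under `azure:` carry no comments, and two things about them are easy to get wrong. The templates test `{{- if .Values.azure.useWorkloadIdentity }}` for truthiness, so a value passed as the string `"false"` still selects the managed-identity branch; and `clientSecret.secretName` names an existing Kubernetes Secret rather than holding the secret itself, and is read only when `useWorkloadIdentity` is `false`. I would add `# Boolean. true: managedIdentity.clientID is used; false: service principal via clientSecret.* (tenantID and clientID required)` above `useWorkloadIdentity` and `# Name and key of an existing Secret holding the service principal client secret; never put the secret value here` above `clientSecret:`. Keeping `true` as the default means a default install needs no static credential, which is worth stating in the comment as well.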