diff --git a/.github/workflows/alpha-release.yml b/.github/workflows/alpha-release.yml
index a8f761564f4..8bab314e506 100644
--- a/.github/workflows/alpha-release.yml
+++ b/.github/workflows/alpha-release.yml
@@ -103,12 +103,27 @@ jobs:
 - name: Upload tarball to blob storage
 run: az storage blob upload -f "packages/communication-react/release/azure-communication-react-${{ steps.version.outputs.version }}.tgz" -c "drops/azure-communication-services/react/npm/${{ steps.version.outputs.version }}" --account-name azuresdkpartnerdrops --auth-mode login
+ # Get access token to trigger the release pipeline based on OIDC login
+ #
+ # Ideally we would use `az pipelines release create` CLI, but it does not support release variables: https://github.com/Azure/azure-cli-extensions/issues/953
+ # Instead, we use the az CLI to generate a PAT and then use that to trigger the release pipeline
+ #
+ # NOTES:
+ # - 590cfd2a-581c-4dcb-a12e-6568ce786175 is the GUID of the Azure Partner Pipelines ADO project
+ # - 499b84ac-1321-427f-aa17-267ca6975798 is generic GUID of Azure DevOps resource
+ - name: Get Azure DevOps Access Token
+ id: az-devops-access-token
+ run: |
+ az extension add --name azure-devops
+ az devops configure --defaults organization=https://dev.azure.com/azure-sdk project=590cfd2a-581c-4dcb-a12e-6568ce786175
+ echo "token=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query accessToken -o tsv)" >> $GITHUB_OUTPUT
+
 - name: Trigger alpha package release pipeline
 uses: Azure/pipelines@v1.2
 with:
 azure-devops-project-url: 'https://dev.azure.com/azure-sdk/internal'
 azure-pipeline-name: 'azuresdkpartnerdrops to npm'
- azure-devops-token: '${{ secrets.AZURE_SDK_RELEASE_PIPELINE_DEVOPS_TOKEN }}'
+ azure-devops-token: ${{ steps.az-devops-access-token.outputs.token }}
 azure-pipeline-variables: '{"accessLevel": "public", "BlobPath": "azure-communication-services/react/npm/${{ steps.version.outputs.version }}", "registry": "https://registry.npmjs.org/", "skipDiff": "False", "tag": "dev"}'
 # Push git tags
diff --git a/.github/workflows/nightly-cd.yml b/.github/workflows/nightly-cd.yml
index 8c0e5ae1d43..ef5838239d3 100644
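Review bot: The access token produced in the new `Get Azure DevOps Access Token` step is written to `$GITHUB_OUTPUT` without being registered as a secret, so unlike the `secrets.*` value it replaces it is not redacted if it ever reaches the job log, and because `az account get-access-token` sits inside a command substitution on an `echo` line, a failure there writes an empty `token=` and surfaces only as an authentication error in the following `Azure/pipelines` step. Capturing the value first, masking it, then exporting it addresses both: `token=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query accessToken -o tsv)`, `echo "::add-mask::$token"`, `echo "token=$token" >> "$GITHUB_OUTPUT"`. The comment block above the step says the CLI is used to "generate a PAT", but what is issued is a short-lived Entra ID access token for the Azure DevOps resource, so `# Instead, we use the az CLI to obtain a short-lived access token for the Azure DevOps resource and pass it to the pipelines action` would stop a future maintainer looking for a PAT to rotate. The `az extension add --name azure-devops` and `az devops configure` lines are not used by `az account get-access-token` (a core command); unless a later step outside this hunk runs `az devops` or `az pipelines` commands they can be dropped, and if kept the extension should be installed with an explicit `--version` rather than whatever the extension index serves that day. The same step is added verbatim in nightly-cd.yml and npm-release-publish.yml, and all of the above applies there too.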
--- a/.github/workflows/nightly-cd.yml
+++ b/.github/workflows/nightly-cd.yml
@@ -150,12 +150,27 @@ jobs:
 - name: Upload tarball to blob storage
 run: az storage blob upload -f "packages/communication-react/release/azure-communication-react-${{ steps.version.outputs.version }}.tgz" -c "drops/azure-communication-services/react/npm/${{ steps.version.outputs.version }}" --account-name azuresdkpartnerdrops --auth-mode login
+ # Get access token to trigger the release pipeline based on OIDC login
+ #
+ # Ideally we would use `az pipelines release create` CLI, but it does not support release variables: https://github.com/Azure/azure-cli-extensions/issues/953
+ # Instead, we use the az CLI to generate a PAT and then use that to trigger the release pipeline
+ #
+ # NOTES:
+ # - 590cfd2a-581c-4dcb-a12e-6568ce786175 is the GUID of the Azure Partner Pipelines ADO project
+ # - 499b84ac-1321-427f-aa17-267ca6975798 is generic GUID of Azure DevOps resource
+ - name: Get Azure DevOps Access Token
+ id: az-devops-access-token
+ run: |
+ az extension add --name azure-devops
+ az devops configure --defaults organization=https://dev.azure.com/azure-sdk project=590cfd2a-581c-4dcb-a12e-6568ce786175
+ echo "token=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query accessToken -o tsv)" >> $GITHUB_OUTPUT
+
 - name: Trigger alpha package release pipeline
 uses: Azure/pipelines@v1.2
 with:
 azure-devops-project-url: 'https://dev.azure.com/azure-sdk/internal'
 azure-pipeline-name: 'azuresdkpartnerdrops to npm'
- azure-devops-token: '${{ secrets.AZURE_SDK_RELEASE_PIPELINE_DEVOPS_TOKEN }}'
+ azure-devops-token: ${{ steps.az-devops-access-token.outputs.token }}
 azure-pipeline-variables: '{"accessLevel": "public", "BlobPath": "azure-communication-services/react/npm/${{ steps.version.outputs.version }}", "registry": "https://registry.npmjs.org/", "skipDiff": "False", "tag": "dev"}'
 # Push git tags
diff --git a/.github/workflows/npm-release-publish.yml b/.github/workflows/npm-release-publish.yml
index 1bf3f6a6eb8..b980610c694 100644
--- a/.github/workflows/npm-release-publish.yml
+++ b/.github/workflows/npm-release-publish.yml
@@ -139,12 +139,27 @@ jobs:
 - name: Upload tarball to blob storage
 run: az storage blob upload -f "packages/communication-react/release/azure-communication-react-${{ steps.version.outputs.version }}.tgz" -c "drops/azure-communication-services/react/npm/${{ steps.version.outputs.version }}" --account-name azuresdkpartnerdrops --auth-mode login
+ # Get access token to trigger the release pipeline based on OIDC login
+ #
+ # Ideally we would use `az pipelines release create` CLI, but it does not support release variables: https://github.com/Azure/azure-cli-extensions/issues/953
+ # Instead, we use the az CLI to generate a PAT and then use that to trigger the release pipeline
+ #
+ # NOTES:
+ # - 590cfd2a-581c-4dcb-a12e-6568ce786175 is the GUID of the Azure Partner Pipelines ADO project
+ # - 499b84ac-1321-427f-aa17-267ca6975798 is generic GUID of Azure DevOps resource
+ - name: Get Azure DevOps Access Token
+ id: az-devops-access-token
+ run: |
+ az extension add --name azure-devops
+ az devops configure --defaults organization=https://dev.azure.com/azure-sdk project=590cfd2a-581c-4dcb-a12e-6568ce786175
+ echo "token=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query accessToken -o tsv)" >> $GITHUB_OUTPUT
+
 - name: Trigger package release pipeline
 uses: Azure/pipelines@v1.2
 with:
 azure-devops-project-url: 'https://dev.azure.com/azure-sdk/internal'
 azure-pipeline-name: 'azuresdkpartnerdrops to npm'
- azure-devops-token: '${{ secrets.AZURE_SDK_RELEASE_PIPELINE_DEVOPS_TOKEN }}'
+ azure-devops-token: ${{ steps.az-devops-access-token.outputs.token }}
 azure-pipeline-variables: '{"accessLevel": "public", "BlobPath": "azure-communication-services/react/npm/${{ steps.version.outputs.version }}", "registry": "https://registry.npmjs.org/", "skipDiff": "False", "tag": "${{ github.event.inputs.npm-tag }}"}'
 - name: Check if npm package published successfully
diff --git a/docs/releases/updating-npm-publishing-credentials.md b/docs/releases/updating-npm-publishing-credentials.md
index 5210de2acb4..5b965a88c69 100644
--- a/docs/releases/updating-npm-publishing-credentials.md
+++ b/docs/releases/updating-npm-publishing-credentials.md
@@ -1,23 +1,16 @@
 # Updating npm publishing credentials
+**Update: we now used Managed Identities for authentication. As such we no longer have personal access tokens that need rotated regularly.**
+
 Our GitHub actions that publish our npm package require access for two places:
 1. The Azure Blob Store that we upload the npm tarball to.
 1. The ADO release pipeline that publishes tarball to npm.
-For more information on these visit the internal wiki page: .
-
-## Required keys and tokens
-
-1. `AZURE_SDK_RELEASE_PIPELINE_DEVOPS_TOKEN`. **⚠ This will expire periodically and need updating ⚠**. This is a personal access token. An account with access to the [ADO release pipeline](https://dev.azure.com/azure-sdk/internal/_wiki/wikis/internal.wiki/1/Partner-Release-Pipeline) should create a new access token when the old one expires. To gain access to this release page you must belong to the appropriate security group; follow the instructions on the [internal wiki page](https://dev.azure.com/azure-sdk/internal/_wiki/wikis/internal.wiki/1/Partner-Release-Pipeline). For more information on how to create a personal access token see: [Use personal access tokens - Create a PAT](https://docs.microsoft.com/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops#create-a-pat).
- * Request access to release pipelines through `myaccess`, Request for project Azure SDK Partners. Link can also be found in the [internal wiki page](https://dev.azure.com/azure-sdk/internal/_wiki/wikis/internal.wiki/1/Partner-Release-Pipeline)
- * PAT Token should have the following scope:
- * Release (Read, write, & execute)
- * Code (Read, write)
- * Build (Read, execute)
-
-1. `NPM_DEPLOY_AZURE_CLIENT_ID`, `NPM_DEPLOY_AZURE_TENANT_ID` and `NPM_DEPLOY_AZURE_SUBSCRIPTION_ID`. These shouldn't change. They are the OIDC (OpenID Connect) details that are used to authenticate access to Azure Blob Store.
 See [internal documenatation](https://skype.visualstudio.com/SPOOL/_wiki/wikis/SPOOL.wiki/49092/Updating-npm-publishing-credentials) for more details.
+Both of these use OpenID Connect tokens for authentication. To authorize OIDC tokens the following GitHub secrets need set:
-# Troubleshooting
+- `NPM_DEPLOY_AZURE_CLIENT_ID`
+- `NPM_DEPLOY_AZURE_TENANT_ID`
+- `NPM_DEPLOY_AZURE_SUBSCRIPTION_ID`.
-1. If you experience a 401 error, try rotating AZURE_SDK_RELEASE_PIPELINE_DEVOPS_TOKEN and rerun the job.
+These shouldn't change. See [internal documenatation](https://skype.visualstudio.com/SPOOL/_wiki/wikis/SPOOL.wiki/49092/Updating-npm-publishing-credentials) for more details where these are and how they are used for authorization.