diff --git a/bicep/main.bicep b/bicep/main.bicep index 175d162a..2f7f4d53 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -890,6 +890,9 @@ param natGwIdleTimeout int = 30 @description('Configures the cluster as an OIDC issuer for use with Workload Identity') param oidcIssuer bool = false +@description('Installs Azure Workload Identity into the cluster') +param workloadIdentity bool = false + @description('System Pool presets are derived from the recommended system pool specs') var systemPoolPresets = { CostOptimised : { @@ -1090,6 +1093,11 @@ var aksProperties = union({ oidcIssuerProfile: { enabled: oidcIssuer } + securityProfile: { + workloadIdentity: { + enabled: workloadIdentity + } + } }, aksOutboundTrafficType == 'managedNATGateway' ? managedNATGatewayProfile : {}, defenderForContainers && createLaw ? azureDefenderSecurityProfile : {} diff --git a/helper/src/components/addonsTab.js b/helper/src/components/addonsTab.js index 5f484765..6b0ead95 100644 --- a/helper/src/components/addonsTab.js +++ b/helper/src/components/addonsTab.js @@ -7,6 +7,7 @@ import { adv_stackstyle, hasError, getError } from './common' export default function ({ tabValues, updateFn, featureFlag, invalidArray }) { const { addons, net } = tabValues const osmFeatureFlag = featureFlag.includes('osm') + const wiFeatureFlag = featureFlag.includes('workloadId') return ( @@ -369,6 +370,19 @@ export default function ({ tabValues, updateFn, featureFlag, invalidArray }) { updateFn("openServiceMeshAddon", v)} label="Install the Open Service Mesh AddOn" /> + { wiFeatureFlag && + <> + + + + + updateFn("workloadIdentity", v)} label="Install Workload Identity" /> + + } + diff --git a/helper/src/components/deployTab.js b/helper/src/components/deployTab.js index 4d9ecefd..16da494d 100644 --- a/helper/src/components/deployTab.js +++ b/helper/src/components/deployTab.js 
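Review bot: The new `securityProfile.workloadIdentity.enabled: workloadIdentity` in the second main.bicep hunk can be true while `oidcIssuerProfile.enabled: oidcIssuer` immediately above it stays at its default of false, and AKS requires the OIDC issuer to be enabled before workload identity can be switched on, so that combination is likely to be rejected only at deployment time rather than by template validation. The parameter added in the first hunk should at least state the dependency: `@description('Installs Azure Workload Identity into the cluster; requires oidcIssuer to be true, since AKS only supports workload identity on clusters with the OIDC issuer enabled')`. The same coupling is unenforced in the helper: the "Install Workload Identity" checkbox in addonsTab.js and the `workloadIdentity` entry emitted in deployTab.js neither check nor surface the OIDC issuer setting, so if the helper exposes that setting elsewhere, disabling the checkbox or emitting `oidcIssuer` alongside it would catch the mismatch before the template is submitted. `var aksProperties` and the addonsTab.js render block both continue outside their hunks.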
@@ -115,6 +115,7 @@ export default function DeployTab({ defaults, updateFn, tabValues, invalidArray, }) }), ...(defaults.addons.kedaAddon !== addons.kedaAddon && {kedaAddon: addons.kedaAddon }), + ...(defaults.addons.workloadIdentity !== addons.workloadIdentity && {workloadIdentity: addons.workloadIdentity }), ...(urlParams.getAll('feature').includes('defender') && cluster.DefenderForContainers !== defaults.cluster.DefenderForContainers && { DefenderForContainers: cluster.DefenderForContainers }) } diff --git a/helper/src/config.json b/helper/src/config.json index a0884ae0..9e931d06 100644 --- a/helper/src/config.json +++ b/helper/src/config.json @@ -56,6 +56,7 @@ "networkPolicy": "none", "kedaAddon": false, "openServiceMeshAddon": false, + "workloadIdentity": false, "denydefaultNetworkPolicy": false, "azurepolicy": "none", "azurePolicyInitiative": "Baseline",