diff --git a/azcredentials/builder.go b/azcredentials/builder.go
index ad9ca23..5f493e1 100644
--- a/azcredentials/builder.go
+++ b/azcredentials/builder.go
@@ -48,6 +48,15 @@ func getFromCredentialsObject(credentialsObj map[string]interface{}, secureData
 
 	case AzureAuthManagedIdentity:
 		credentials := &AzureManagedIdentityCredentials{}
+		
+		clientId, err := maputil.GetStringOptional(credentialsObj, "clientId")
+		if err != nil {
+			return nil, err
+		}
+		if clientId != "" {
+			credentials.ClientId = clientId
+		}
+
 		return credentials, nil
 
 	case AzureAuthWorkloadIdentity:
diff --git a/azcredentials/builder_test.go b/azcredentials/builder_test.go
index e7303cc..9cb0c0f 100644
--- a/azcredentials/builder_test.go
+++ b/azcredentials/builder_test.go
@@ -149,6 +149,7 @@ func TestFromDatasourceData(t *testing.T) {
 		var data = map[string]interface{}{
 			"azureCredentials": map[string]interface{}{
 				"authType": "msi",
+				"clientId": "CLIENT-ID"
 			},
 		}
 		var secureData = map[string]string{}
@@ -161,7 +162,7 @@ func TestFromDatasourceData(t *testing.T) {
 		credential := (result).(*AzureManagedIdentityCredentials)
 
 		// ClientId currently not parsed
-		assert.Equal(t, credential.ClientId, "")
+		assert.Equal(t, credential.ClientId, "CLIENT-ID")
 	})
 
 	t.Run("should return workload identity credentials when workload identity auth configured", func(t *testing.T) {