diff --git a/docs/AzureCLIImpersonation.md b/docs/AzureCLIImpersonation.md
new file mode 100644
index 0000000..86b22ba
--- /dev/null
+++ b/docs/AzureCLIImpersonation.md
@@ -0,0 +1,34 @@
+# Azure CLI Impersonation
+
+To use `sk-az-tools` module or commands, you need to register Public Client Application and assign it appropriate permissions for full functionality.
+
+Some commands may work with limited functionality without dedicated Public Client Application. You can use Azure CLI public client application for that purpose.
+
+The Client ID of Azure CLI public client application is `04b07795-8ddb-461a-bbee-02f9e1bf7b46`.
+
+Create a configuration file `$HOME/.config/sk-az-tools/public-config.json` with the following content:
+
+```json
+{
+  "tenantId": "<tenant-id>",
+  "clientId": "04b07795-8ddb-461a-bbee-02f9e1bf7b46"
+}
+```
+
+You can obtain tenant ID using `az account show --query tenantId -o tsv` command.
+
+Confirm Client ID of the Azure CLI by locating Azure CLI installation and looking into the following file that lives in the Azure CLI embedded Python distribution:
+
+`<installation_path>/lib/python3.<minor_version>/site-packages/azure/cli/core/auth/constants.py`:
+
+```python
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+AZURE_CLI_CLIENT_ID = '04b07795-8ddb-461a-bbee-02f9e1bf7b46'
+
+ACCESS_TOKEN = 'access_token'
+EXPIRES_IN = "expires_in"
+```