diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40a2495a43a..bb96d1cafb6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -60,6 +60,7 @@ Here is an overview of all new **experimental** features:
 ### Fixes
 - **General**: Properly retrieve and close scalers cache ([#4011](https://github.com/kedacore/keda/issues/4011))
+- **Azure Key Vault:** Raise an error if authentication mechanism not provided ([#4010](https://github.com/kedacore/keda/issues/4010))
 ### Deprecations
diff --git a/pkg/scaling/resolver/azure_keyvault_handler.go b/pkg/scaling/resolver/azure_keyvault_handler.go
index 3baf2e53db1..62263accb53 100644
--- a/pkg/scaling/resolver/azure_keyvault_handler.go
+++ b/pkg/scaling/resolver/azure_keyvault_handler.go
@@ -109,6 +109,11 @@ func (vh *AzureKeyVaultHandler) getAuthConfig(ctx context.Context, client client
 }
 switch podIdentity.Provider {
 case "", kedav1alpha1.PodIdentityProviderNone:
+ missingErr := fmt.Errorf("clientID, tenantID and clientSecret are expected when not using a pod identity provider")
+ if vh.vault.Credentials == nil {
+ return nil, missingErr
+ }
+
 clientID := vh.vault.Credentials.ClientID
 tenantID := vh.vault.Credentials.TenantID
@@ -117,7 +122,7 @@ func (vh *AzureKeyVaultHandler) getAuthConfig(ctx context.Context, client client
 clientSecret := resolveAuthSecret(ctx, client, logger, clientSecretName, triggerNamespace, clientSecretKey, secretsLister)
 if clientID == "" || tenantID == "" || clientSecret == "" {
- return nil, fmt.Errorf("clientID, tenantID and clientSecret are expected when not using a pod identity provider")
+ return nil, missingErr
 }
 config := auth.NewClientCredentialsConfig(clientID, clientSecret, tenantID)
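Review bot: The nil guard added under `case "", kedav1alpha1.PodIdentityProviderNone:` covers only the top-level `vh.vault.Credentials` pointer. The statements that produce `clientSecretName` and `clientSecretKey` sit between this hunk and the next and are not visible here. If they reach through further pointer fields below Credentials, a trigger authentication with a partially filled credentials block could still panic the resolver instead of returning `missingErr`, so any such level belongs in the same guard. Separately, `missingErr` has no format verbs and is rebuilt on every call; assuming the `errors` package is imported, a package-level `var errMissingVaultCredentials = errors.New("clientID, tenantID and clientSecret are expected when not using a pod identity provider")` would be the idiomatic form. getAuthConfig starts and ends outside this hunk.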
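Review bot: Returning the shared `missingErr` from the `clientID == "" || tenantID == "" || clientSecret == ""` check reports "fields are expected" even when the fields are set but the referenced secret could not be read. That is presumably the case whenever `resolveAuthSecret` yields an empty string for a missing Secret, a wrong key or a denied read; its body is not shown here. An operator debugging a failed Key Vault login gets pointed at the wrong cause. Consider a separate branch for the empty secret, for example `return nil, fmt.Errorf("clientSecret could not be resolved from secret %q key %q", clientSecretName, clientSecretKey)`, which names the reference but never the secret value. The visible hunks also carry no test for the nil-credentials path, and a table case with `Credentials: nil` would pin the new behaviour.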