diff --git a/cmd/appgw-ingress/main.go b/cmd/appgw-ingress/main.go
index db2bceb54..b8b8a5d33 100644
--- a/cmd/appgw-ingress/main.go
+++ b/cmd/appgw-ingress/main.go
@@ -129,6 +129,23 @@ func main() {
 		glog.Fatal(errorLine)
 	}
 
+	azClient := azure.NewAzClient(azure.SubscriptionID(env.SubscriptionID), azure.ResourceGroup(env.ResourceGroupName), azure.ResourceName(env.AppGwName))
+	appGwIdentifier := appgw.Identifier{
+		SubscriptionID: env.SubscriptionID,
+		ResourceGroup:  env.ResourceGroupName,
+		AppGwName:      env.AppGwName,
+	}
+
+	// create a new agic controller
+	appGwIngressController := controller.NewAppGwIngressController(azClient, appGwIdentifier, k8sContext, recorder, metricStore, agicPod)
+
+	// initialize the http server and start it
+	httpServer := httpserver.NewHTTPServer(
+		appGwIngressController,
+		metricStore,
+		env.HTTPServicePort)
+	httpServer.Start()
+
 	glog.V(3).Infof("App Gateway Details: Subscription: %s, Resource Group: %s, Name: %s", env.SubscriptionID, env.ResourceGroupName, env.AppGwName)
 
 	var authorizer autorest.Authorizer
@@ -138,9 +155,10 @@ func main() {
 			recorder.Event(agicPod, v1.EventTypeWarning, events.ReasonARMAuthFailure, errorLine)
 		}
 		glog.Fatal(errorLine)
+	} else {
+		azClient.SetAuthorizer(authorizer)
 	}
 
-	azClient := azure.NewAzClient(azure.SubscriptionID(env.SubscriptionID), azure.ResourceGroup(env.ResourceGroupName), azure.ResourceName(env.AppGwName), authorizer)
 	if err = azure.WaitForAzureAuth(azClient, maxAuthRetryCount, retryPause); err != nil {
 		if err == azure.ErrAppGatewayNotFound && env.EnableDeployAppGateway {
 			if env.AppGwSubnetID != "" {
@@ -165,12 +183,6 @@ func main() {
 		}
 	}
 
-	appGwIdentifier := appgw.Identifier{
-		SubscriptionID: env.SubscriptionID,
-		ResourceGroup:  env.ResourceGroupName,
-		AppGwName:      env.AppGwName,
-	}
-
 	// namespace validations
 	if err := validateNamespaces(namespaces, kubeClient); err != nil {
 		glog.Fatal(err) // side-effect: will panic on non-existent namespace
@@ -197,8 +209,6 @@ func main() {
 		glog.Fatal(errorLine)
 	}
 
-	appGwIngressController := controller.NewAppGwIngressController(azClient, appGwIdentifier, k8sContext, recorder, metricStore, agicPod)
-
 	if err := appGwIngressController.Start(env); err != nil {
 		errorLine := fmt.Sprint("Could not start AGIC: ", err)
 		if agicPod != nil {
@@ -207,12 +217,6 @@ func main() {
 		glog.Fatal(errorLine)
 	}
 
-	httpServer := httpserver.NewHTTPServer(
-		appGwIngressController,
-		metricStore,
-		env.HTTPServicePort)
-	httpServer.Start()
-
 	sigChan := make(chan os.Signal)
 	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
 	<-sigChan
diff --git a/pkg/azure/client.go b/pkg/azure/client.go
index 65543c3ab..beed7fd4f 100644
--- a/pkg/azure/client.go
+++ b/pkg/azure/client.go
@@ -21,6 +21,8 @@ import (
 
 // AzClient is an interface for client to Azure
 type AzClient interface {
+	SetAuthorizer(authorizer autorest.Authorizer)
+
 	GetGateway() (n.ApplicationGateway, error)
 	UpdateGateway(*n.ApplicationGateway) error
 	DeployGatewayWithVnet(ResourceGroup, ResourceName, ResourceName, string) error
@@ -36,7 +38,6 @@ type azClient struct {
 	subnetsClient         n.SubnetsClient
 	groupsClient          r.GroupsClient
 	deploymentsClient     r.DeploymentsClient
-	authorizer            autorest.Authorizer
 
 	subscriptionID    SubscriptionID
 	resourceGroupName ResourceGroup
@@ -47,7 +48,7 @@ type azClient struct {
 }
 
 // NewAzClient returns an Azure Client
-func NewAzClient(subscriptionID SubscriptionID, resourceGroupName ResourceGroup, appGwName ResourceName, authorizer autorest.Authorizer) AzClient {
+func NewAzClient(subscriptionID SubscriptionID, resourceGroupName ResourceGroup, appGwName ResourceName) AzClient {
 	settings, err := auth.GetSettingsFromEnvironment()
 	if err != nil {
 		return nil
@@ -67,43 +68,40 @@ func NewAzClient(subscriptionID SubscriptionID, resourceGroupName ResourceGroup,
 		appGwName:         appGwName,
 		memoizedIPs:       make(map[string]n.PublicIPAddress),
 
-		ctx:        context.Background(),
-		authorizer: authorizer,
+		ctx: context.Background(),
 	}
 
 	if err := az.appGatewaysClient.AddToUserAgent(userAgent); err != nil {
 		glog.Error("Error adding User Agent to App Gateway client: ", userAgent)
 	}
-	az.appGatewaysClient.Authorizer = az.authorizer
-
 	if err := az.publicIPsClient.AddToUserAgent(userAgent); err != nil {
 		glog.Error("Error adding User Agent to Public IP client: ", userAgent)
 	}
-	az.publicIPsClient.Authorizer = az.authorizer
-
 	if err := az.virtualNetworksClient.AddToUserAgent(userAgent); err != nil {
 		glog.Error("Error adding User Agent to Virtual Networks client: ", userAgent)
 	}
-	az.virtualNetworksClient.Authorizer = az.authorizer
-
 	if err := az.subnetsClient.AddToUserAgent(userAgent); err != nil {
 		glog.Error("Error adding User Agent to Subnets client: ", userAgent)
 	}
-	az.subnetsClient.Authorizer = az.authorizer
-
 	if err := az.groupsClient.AddToUserAgent(userAgent); err != nil {
 		glog.Error("Error adding User Agent to Groups client: ", userAgent)
 	}
-	az.groupsClient.Authorizer = az.authorizer
-
 	if err := az.deploymentsClient.AddToUserAgent(userAgent); err != nil {
 		glog.Error("Error adding User Agent to Deployments client: ", userAgent)
 	}
-	az.deploymentsClient.Authorizer = az.authorizer
 
 	return az
 }
 
+func (az *azClient) SetAuthorizer(authorizer autorest.Authorizer) {
+	az.appGatewaysClient.Authorizer = authorizer
+	az.publicIPsClient.Authorizer = authorizer
+	az.virtualNetworksClient.Authorizer = authorizer
+	az.subnetsClient.Authorizer = authorizer
+	az.groupsClient.Authorizer = authorizer
+	az.deploymentsClient.Authorizer = authorizer
+}
+
 func (az *azClient) GetGateway() (n.ApplicationGateway, error) {
 	return az.appGatewaysClient.Get(az.ctx, string(az.resourceGroupName), string(az.appGwName))
 }
diff --git a/pkg/azure/fake.go b/pkg/azure/fake.go
index 685e80cb1..9db1d1c60 100644
--- a/pkg/azure/fake.go
+++ b/pkg/azure/fake.go
@@ -5,7 +5,11 @@
 
 package azure
 
-import n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-09-01/network"
+import (
+	"github.com/Azure/go-autorest/autorest"
+
+	n "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-09-01/network"
+)
 
 // GetGatewayFunc is a function type
 type GetGatewayFunc func() (n.ApplicationGateway, error)
@@ -32,6 +36,10 @@ func NewFakeAzClient() *FakeAzClient {
 	return &FakeAzClient{}
 }
 
+// SetAuthorizer is an empty function
+func (az *FakeAzClient) SetAuthorizer(authorizer autorest.Authorizer) {
+}
+
 // GetGateway runs GetGatewayFunc and return a gateway
 func (az *FakeAzClient) GetGateway() (n.ApplicationGateway, error) {
 	if az.GetGatewayFunc != nil {