Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Managed identities for Azure resources eliminate the need to manage credentials in code. You can use them to get a Microsoft Entra token for your applications. The applications can use the token when accessing resources that support Microsoft Entra authentication. Azure manages the identity so you don't have to.
There are two types of managed identities: system-assigned and user-assigned. System-assigned managed identities have their lifecycle tied to the resource that created them. This identity is restricted to only one resource, and you can grant permissions to the managed identity by using Azure role-based access control (RBAC). User-assigned managed identities can be used on multiple resources.
In this article, you create a user-assigned managed identity by using Azure Resource Manager. You can't list and delete a user-assigned managed identity by using a Resource Manager template. Use the other methods to list or delete a user-assigned managed identity.
Prerequisites
- If you're unfamiliar with managed identities for Azure resources, check out the overview section. Be sure to review the difference between a system-assigned and user-assigned managed identity.
- If you don't already have an Azure account, sign up for a Trial before you continue.
Template creation and editing
Resource Manager templates help you deploy new or modified resources defined by an Azure resource group. Several options are available for template editing and deployment, both local and portal-based. You can:
- Use a custom template from Azure Marketplace to create a template from scratch or base it on an existing common or quickstart template.
- Derive from an existing resource group by exporting a template. You can export them from either the original deployment or from the current state of the deployment.
- Use a local JSON editor (such as VS Code), and then upload and deploy by using PowerShell or the Azure CLI.
- Use the Visual Studio Azure Resource Group project to create and deploy a template.
Create a user-assigned managed identity
To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.
To create a user-assigned managed identity, use the following template. Replace the <USER ASSIGNED IDENTITY NAME> value with your own values.
Important
When you create user-assigned managed identities, only alphanumeric characters (0-9, a-z, and A-Z) and the hyphen (-) are supported. For the assignment to a virtual machine or virtual machine scale set to work properly, the name is limited to 24 characters. For more information, see FAQs and known issues.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string",
"metadata": {
"description": "<USER ASSIGNED IDENTITY NAME>"
}
}
},
"resources": [
{
"type": "Microsoft.ManagedIdentity/userAssignedIdentities",
"name": "[parameters('resourceName')]",
"apiVersion": "2018-11-30",
"location": "[resourceGroup().location]"
}
],
"outputs": {
"identityName": {
"type": "string",
"value": "[parameters('resourceName')]"
}
}
}