az functionapp identity

Manage web app's managed service identity.

Commands

az functionapp identity assign

Assign managed service identity to the web app.

az functionapp identity remove

Disable web app's managed service identity.

az functionapp identity show

Display web app's managed service identity.

az functionapp identity assign

Assign managed service identity to the web app.

az functionapp identity assign [--identities]
                               [--ids]
                               [--name]
                               [--resource-group]
                               [--role]
                               [--scope]
                               [--slot]
                               [--subscription]

Examples

assign local identity and assign a reader role to the current resource group.

az functionapp identity assign -g MyResourceGroup -n MyUniqueApp --role reader --scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/MyResourceGroup

enable identity for the web app.

az functionapp identity assign -g MyResourceGroup -n MyUniqueApp

assign local identity and a user assigned identity to a function app.

az functionapp identity assign -g MyResourceGroup -n MyUniqueApp --identities [system] myAssignedId

Optional Parameters

--identities

Space-separated identities to assign. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the function app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--role

Role name or id the managed identity will be assigned.

default value: Contributor
--scope

The scope the managed identity has access to.

--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az functionapp identity remove

Disable web app's managed service identity.

az functionapp identity remove [--identities]
                               [--ids]
                               [--name]
                               [--resource-group]
                               [--slot]
                               [--subscription]

Examples

Disable web app's system managed identity

az functionapp identity remove --name MyFunctionApp --resource-group MyResourceGroup

Disable web app's system managed identity and a user managed identity

az functionapp identity remove --name MyFunctionApp --resource-group MyResourceGroup --identities [system] myAssignedId

Optional Parameters

--identities

Space-separated identities to assign. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the function app.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az functionapp identity show

Display web app's managed service identity.

az functionapp identity show [--ids]
                             [--name]
                             [--query-examples]
                             [--resource-group]
                             [--slot]
                             [--subscription]

Examples

display functionapp's managed service identity (autogenerated)

az functionapp identity show --name MyFunctionApp --resource-group MyResourceGroup

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the function app.

--query-examples

Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.