title | description | services | documentationcenter | author | manager | editor | ms.service | ms.component | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
How to create and delete a user-assigned managed identity using Azure Resource Manager | Step by step instructions on how to create and delete user-assigned managed identities using Azure Resource Manager. | active-directory | | daveba | mtillman | | active-directory | msi | na | conceptual | na | identity | 04/16/2018 | daveba |
[!INCLUDE preview-notice]
Managed identities for Azure resources provides Azure services with a managed identity in Azure Active Directory. You can use this identity to authenticate to services that support Azure AD authentication, without needing credentials in your code.
In this article, you create a user-assigned managed identity using an Azure Resource Manager template.
It is not possible to list and delete a user-assigned managed identity using an Azure Resource Manager template. See the following articles to create and list a user-assigned managed identity:
- If you're unfamiliar with managed identities for Azure resources, check out the overview section. Be sure to review the difference between a system-assigned and user-assigned managed identity.
- If you don't already have an Azure account, sign up for a free account before continuing.
As with the Azure portal and scripting, Azure Resource Manager templates provide the ability to deploy new or modified resources defined by an Azure resource group. Several options are available for template editing and deployment, both local and portal-based, including:
- Using a custom template from the Azure Marketplace, which allows you to create a template from scratch, or base it on an existing common or QuickStart template.
- Deriving from an existing resource group, by exporting a template from either the original deployment, or from the current state of the deployment.
- Using a local JSON editor (such as VS Code), and then uploading and deploying by using PowerShell or CLI.
- Using the Visual Studio Azure Resource Group project to both create and deploy a template.
To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.
To create a user-assigned managed identity, use the following template. Replace the `<USER ASSIGNED IDENTITY NAME>` value with your own values:
[!INCLUDE ua-character-limit]
```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "resourceName": {
      "type": "string",
      "metadata": {
        "description": "<USER ASSIGNED IDENTITY NAME>"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "name": "[parameters('resourceName')]",
      "apiVersion": "2015-08-31-PREVIEW",
      "location": "[resourceGroup().location]"
    }
  ],
  "outputs": {
    "identityName": {
      "type": "string",
      "value": "[parameters('resourceName')]"
    }
  }
}
```
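One way to deploy the template above from a shell with the Azure CLI, as an added example that is not part of the original article. It assumes the template is saved to a local file and the resource group already exists; the function names are hypothetical, and the naming rule in `valid_identity_name` is an assumption because the article's character-limit note is not reproduced on this page.

```bash
#!/usr/bin/env bash
# Added example: deploy the article's template with the Azure CLI.
# The signed-in account needs the Managed Identity Contributor role (see above).

# Assumed naming rule (not stated on this page): 3-128 characters, first one a
# letter or digit, the rest letters, digits, '-' or '_'.
valid_identity_name() {
  case "$1" in
    '' | [!A-Za-z0-9]* | *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 128 ]
}

# Usage: create_user_assigned_identity <resource-group> <identity-name> <template-file>
# Prints the template's identityName output on success.
create_user_assigned_identity() {
  if [ ! -r "$3" ]; then
    echo "template file not readable: $3" >&2
    return 2
  fi
  # Reject unexpected characters before the name reaches the CLI's
  # KEY=VALUE parameter syntax.
  if ! valid_identity_name "$2"; then
    echo "invalid identity name: $2" >&2
    return 2
  fi
  # Validate first, so a template or parameter error is reported before
  # the deployment starts.
  az deployment group validate \
    --resource-group "$1" --template-file "$3" \
    --parameters resourceName="$2" --output none || return 1
  # Deploy and print only the template's identityName output.
  az deployment group create \
    --resource-group "$1" --template-file "$3" \
    --parameters resourceName="$2" \
    --query properties.outputs.identityName.value --output tsv
}
```

After sourcing the script and signing in with `az login`, call `create_user_assigned_identity <resource-group> <identity-name> <template-file>`.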
For information on how to assign a user-assigned managed identity to an Azure VM using an Azure Resource Manager template, see Configure managed identities for Azure resources on an Azure VM using a template.