articles/digital-twins/concepts-security.md
Lines changed: 1 addition & 1 deletion
@@ -93,7 +93,7 @@ Setting up an [Azure Active Directory (Azure AD)](../active-directory/fundamenta
Azure Digital Twins supports both types of managed identities, *system-assigned* and *user-assigned*.
-
You can use both of these managed identity types to authenticate to a [custom-defined endpoint](concepts-route-events.md#create-an-endpoint). Azure Digital Twins supports identity-based authentication to endpoints for [Event Hubs](../event-hubs/event-hubs-about.md) and [Service Bus](../service-bus-messaging/service-bus-messaging-overview.md) destinations, and to an [Azure Storage Container](../storage/blobs/storage-blobs-introduction.md) endpoint for [dead-letter events](concepts-route-events.md#dead-letter-events). [Event Grid](../event-grid/overview.md) endpoints are currently not supported for managed identities.
+
You can use either of these managed identity types to authenticate to a [custom-defined endpoint](concepts-route-events.md#create-an-endpoint). Azure Digital Twins supports identity-based authentication to endpoints for [Event Hubs](../event-hubs/event-hubs-about.md) and [Service Bus](../service-bus-messaging/service-bus-messaging-overview.md) destinations, and to an [Azure Storage Container](../storage/blobs/storage-blobs-introduction.md) endpoint for [dead-letter events](concepts-route-events.md#dead-letter-events). [Event Grid](../event-grid/overview.md) endpoints are currently not supported for managed identities.
For instructions on how to enable a managed identity for Azure Digital Twins and use it to route events, see [Route events with a managed identity](how-to-route-with-managed-identity.md).
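Review bot: "either" is the right correction at line 96 of concepts-security.md: an endpoint is authenticated with one managed identity, and "both" read as though the two identity types were used together. The rest of the paragraph is unchanged and still accurate, including the caveat that Event Grid endpoints are not supported for managed identities; since that caveat is the one place a reader learns that an Event Grid route cannot use identity-based authentication, consider keeping it as its own sentence at the end so the "either" edit does not bury it.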
articles/digital-twins/how-to-route-with-managed-identity.md
Lines changed: 4 additions & 4 deletions
@@ -43,7 +43,7 @@ Once a managed identity is created for your Azure Digital Twins instance, you'll
### Supported destinations and Azure roles
-
Here are the minimum roles that an identity needs to access an endpoint, depending on the type of destination. Roles with higher permissions (like Data Owner roles) will also work.
+
Here are the minimum roles that your Azure Digital Twins identity needs to access an endpoint, depending on the type of destination. Roles with higher permissions (like Data Owner roles) will also work.
| Destination | Azure role |
| --- | --- |
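Review bot: "your Azure Digital Twins identity" at line 46 is still ambiguous now that an instance can carry a user-assigned identity whose name does not match the instance (as the Members row later in this file explains); consider "the managed identity associated with your Azure Digital Twins instance" so the sentence covers both types. The "minimum roles" framing is the right least-privilege guidance and should stay; the follow-on sentence that higher-privileged roles also work is fine as long as it keeps reading as "will also work" rather than as a recommendation.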
@@ -73,9 +73,9 @@ To assign a role to the identity, start by opening the [Azure portal](https://po
| Setting | Value |
| --- | --- |
-
| Role | Select the desired role from the dropdown menu. |
-
| Assign access to |Under **Managed identity**, select **Digital Twins**.|
-
| Members | Select the managed identity of your Azure Digital Twins instance that's being assigned the role. The name of the managed identity matches the name of the instance, so choose the name of your Azure Digital Twins instance. |
+
| Role | Select the desired role from the options. |
+
| Assign access to |**Managed identity**|
+
| Members | Select the user-assigned or system-assigned managed identity of your Azure Digital Twins instance that's being assigned the role. A user-assigned identity will have the name you chose when you created the identity, and a system-assigned identity will have a name that matches the name of your Azure Digital Twins instance. |
:::image type="content" source="../../includes/role-based-access-control/media/add-role-assignment-page.png" alt-text="Screenshot of the 'Add role assignment' page for an Azure Digital Twins instance." lightbox="../../includes/role-based-access-control/media/add-role-assignment-page.png":::
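Review bot: the "Assign access to" row at line 77 lost the guidance the old row carried ("Under **Managed identity**, select **Digital Twins**"), so a reader no longer learns which category their identity is listed under when the portal asks for a managed-identity type; with two identity kinds now in play this matters more, not less. Suggest restoring it in the new two-type form, e.g. "**Managed identity**. For a system-assigned identity, choose the **Digital Twins** category; for a user-assigned identity, choose the user-assigned managed identity category." The expanded Members row is a good addition and already makes the naming difference between the two types clear.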
articles/digital-twins/how-to-set-up-instance-portal.md
Lines changed: 8 additions & 8 deletions
@@ -49,7 +49,7 @@ This version of this article goes through these steps manually, one by one, usin
Here are the additional options you can configure during setup, using the other tabs in the **Create Resource** process.
***Networking**: In this tab, you can enable private endpoints with [Azure Private Link](../private-link/private-link-overview.md) to eliminate public network exposure to your instance. For instructions, see [Enable private access with Private Link](./how-to-enable-private-link.md?tabs=portal#add-a-private-endpoint-during-instance-creation).
-
***Advanced**: In this tab, you can enable a system-assigned or user-assigned [managed identity](concepts-security.md#managed-identity-for-accessing-other-resources) for your instance. When this is enabled, an identity is created for the instance in [Azure Active Directory (Azure AD)](../active-directory/fundamentals/active-directory-whatis.md). That identity can then be used to authenticate to other services. You can enable that managed identity while you're creating the instance here, or [later on an existing instance](#enabledisable-managed-identity-for-the-instance).
+
***Advanced**: In this tab, you can enable a system-assigned [managed identity](concepts-security.md#managed-identity-for-accessing-other-resources) for your instance. When this is enabled, Azure automatically creates an identity for the instance in [Azure Active Directory (Azure AD)](../active-directory/fundamentals/active-directory-whatis.md), which can be used to authenticate to other services. You can enable that system-assigned managed identity while you're creating the instance here, or [later on an existing instance](#enabledisable-managed-identity-for-the-instance). If you want to enable a user-assigned managed identity instead, you'll need to do it later on an existing instance.
***Tags**: In this tab, you can add tags to your instance to help you organize it among your Azure resources. For more about Azure resource tags, see [Tag resources, resource groups, and subscriptions for logical organization](../azure-resource-manager/management/tag-resources.md).
### Verify success and collect important values
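Review bot: the new Advanced bullet at line 52 correctly narrows creation-time setup to a system-assigned identity and defers user-assigned to an existing instance, but it does not mention that the user-assigned option is in preview, while the Identity-page step later in this same file labels its tab "User-assigned (preview)". Keep the two consistent, e.g. "enable a user-assigned managed identity (preview)" here, so a reader planning around the feature's support status is not surprised when they reach the later section.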
@@ -125,28 +125,28 @@ You now have an Azure Digital Twins instance ready to go, and have assigned perm
## Enable/disable managed identity for the instance
-
This section shows you how to add a managed identity to an existing Azure Digital Twins instance. You can also use this page to disable managed identity on an instance that has it already.
+
This section shows you how to add a managed identity (either system-assigned or user-assigned) to an existing Azure Digital Twins instance. You can also use this page to disable managed identity on an instance that has it already.
Start by opening the [Azure portal](https://portal.azure.com) in a browser.
1. Search for the name of your instance in the portal search bar, and select it to view its details.
1. Select **Identity** in the left-hand menu.
-
1. Use the tabs to select which type of managed identity you want to add.
-
1.**System-assigned**: After selecting this tab, select the **On** option to turn on this feature.
+
1. Use the tabs to select which type of managed identity you want to add or remove.
+
1.**System-assigned**: After selecting this tab, select the **On** option to turn on this feature, or **Off** to remove it.
:::image type="content" source="media/how-to-set-up-instance/portal/identity-system-assigned.png" alt-text="Screenshot of the Azure portal showing the Identity page and system-assigned options for an Azure Digital Twins instance." lightbox="media/how-to-set-up-instance/portal/identity-system-assigned.png":::
+
Select the **Save** button, and **Yes** to confirm. After system-assigned identity is turned on, more fields will be displayed on this page showing the new identity's **Object ID** and **Permissions** (Azure role assignments).
+
1.**User-assigned (preview)**: After selecting this tab, select **Associate a user-assigned managed identity** and follow the prompts to choose an identity to associate with the instance.
:::image type="content" source="media/how-to-set-up-instance/portal/identity-user-assigned.png" alt-text="Screenshot of the Azure portal showing the Identity page and user-assigned options for an Azure Digital Twins instance." lightbox="media/how-to-set-up-instance/portal/identity-user-assigned.png":::
-
1. Select the **Save** button, and **Yes** to confirm.
-
-
After the change is saved, more fields will appear on this page for the new identity's **Object ID** and **Permissions**.
+
Or, if there is already an identity listed here that you want to disable, you can check the box next to it in the list and **Remove** it.
-
You can copy the **Object ID** from here if needed, and use the **Permissions** button to view the Azure roles that are assigned to the identity. To set up some roles, continue to the next section.
+
Once an identity has been added, you can select its name from the list here to open its details. From its details page, you can view its **Object ID** and use the left menu to see its **Azure role assignments**.
### Considerations for disabling managed identities
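Review bot: the explicit "Select the **Save** button, and **Yes** to confirm" step that used to follow both identity types (old lines 145-146) has been moved inside the System-assigned sub-step only, so the User-assigned (preview) sub-step and the new "**Remove** it" sentence no longer say whether a save is required for the association or removal to take effect; either add the same Save/confirm instruction after the user-assigned sub-step or state that the association applies immediately, whichever the portal actually does. Two smaller points in the same region: the old closing sentence "To set up some roles, continue to the next section" was dropped, so the rewritten paragraph ending at "**Azure role assignments**" no longer hands the reader off to the role-assignment step that the Supported destinations section depends on; and the new System-assigned text says the page shows "**Permissions** (Azure role assignments)" while the closing paragraph calls the same view "**Azure role assignments**" on a details page, so pick one label and one location.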