MicrosoftDocs
diff --git a/‎articles/azure-resource-manager/managed-applications/media/publish-managed-identity/msi-cuid.png
25.3 KB b/‎articles/azure-resource-manager/managed-applications/media/publish-managed-identity/msi-cuid.png
25.3 KB
diff --git a/‎articles/azure-resource-manager/managed-applications/publish-managed-identity.md
Lines changed: 52 additions & 58 deletions b/‎articles/azure-resource-manager/managed-applications/publish-managed-identity.md
Lines changed: 52 additions & 58 deletions
@@ -48,7 +48,7 @@ A Managed Application can be configured with Managed Identity through the [Creat
 
 ```json
 "outputs": {
-    "managedIdentity": "[parse('{\"Type\":\"SystemAssigned\"}')]"
+    "managedIdentity": { "Type": "SystemAssigned" }
 }
 ```
 
@@ -60,71 +60,65 @@ Below are some recommendations on when to use CreateUIDefinition for enabling Ma
 - The Managed Identity requires complex consumer input.
 - The Managed Identity is needed on creation of the Managed Application.
 
-#### SystemAssigned CreateUIDefinition
+#### Managed Identity CreateUIDefinition control
 
-A basic CreateUIDefinition that enables the SystemAssigned identity for the Managed Application.
+CreateUIDefinition supports a built-in [Managed Identity control](./microsoft-managedidentity-identityselector.md).
 
 ```json
 {
   "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
   "handler": "Microsoft.Azure.CreateUIDef",
-  "version": "0.1.2-preview",
-    "parameters": {
-        "basics": [
-            {}
-        ],
-        "steps": [
-        ],
-        "outputs": {
-            "managedIdentity": "[parse('{\"Type\":\"SystemAssigned\"}')]"
-        }
-    }
-}
-```
-
-#### UserAssigned CreateUIDefinition
-
-A basic CreateUIDefinition that takes a **user-assigned identity** resource as input and enables the UserAssigned identity for the Managed Application.
-
-```json
-{
-  "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
-  "handler": "Microsoft.Azure.CreateUIDef",
-  "version": "0.1.2-preview",
-    "parameters": {
-        "basics": [
-            {}
-        ],
-        "steps": [
-            {
-                "name": "manageIdentity",
-                "label": "Identity",
-                "subLabel": {
-                    "preValidation": "Manage Identities",
-                    "postValidation": "Done"
-                },
-                "bladeTitle": "Identity",
-                "elements": [
-                    {
-                        "name": "userAssignedText",
-                        "type": "Microsoft.Common.TextBox",
-                        "label": "User assigned managed identity",
-                        "defaultValue": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testRG/providers/Microsoft.ManagedIdentity/userassignedidentites/myuserassignedidentity",
-                        "visible": true
-                    }
-                ]
-            }
-        ],
-        "outputs": {
-            "managedIdentity": "[parse(concat('{\"Type\":\"UserAssigned\",\"UserAssignedIdentities\":{',string(steps('manageIdentity').userAssignedText),':{}}}'))]"
-        }
+  "version": "0.0.1-preview",
+  "parameters": {
+    "basics": [],
+    "steps": [
+      {
+        "name": "applicationSettings",
+        "label": "Application Settings",
+        "subLabel": {
+          "preValidation": "Configure your application settings",
+          "postValidation": "Done"
+        },
+        "bladeTitle": "Application Settings",
+        "elements": [
+          {
+            "name": "appName",
+            "type": "Microsoft.Common.TextBox",
+            "label": "Managed application Name",
+            "toolTip": "Managed application instance name",
+            "visible": true
+          },
+          {
+            "name": "appIdentity",
+            "type": "Microsoft.ManagedIdentity.IdentitySelector",
+            "label": "Managed Identity Configuration",
+            "toolTip": {
+              "systemAssignedIdentity": "Enable system assigned identity to grant the managed application access to additional existing resources.",
+              "userAssignedIdentity": "Add user assigned identities to grant the managed application access to additional existing resources."
+            },
+            "defaultValue": {
+              "systemAssignedIdentity": "Off"
+            },
+            "options": {
+              "hideSystemAssignedIdentity": false,
+              "hideUserAssignedIdentity": false,
+              "readOnlySystemAssignedIdentity": false
+            },
+            "visible": true
+          }
+        ]
+      }
+    ],
+    "outputs": {
+      "applicationResourceName": "[steps('applicationSettings').appName]",
+      "location": "[location()]",
+      "managedIdentity": "[steps('applicationSettings').appIdentity]"
     }
+  }
 }
 ```
 
-The CreateUIDefinition.json above generates a create user experience that has a textbox for a consumer to enter the **user-assigned identity** Azure resource ID. The generated experience would look like:
-
-![Sample user-assigned identity CreateUIDefinition](./media/publish-managed-identity/user-assigned-identity.png)
+![Managed Identity CreateUIDefinition](./media/publish-managed-identity/msi-cuid.png)
 
 ### Using Azure Resource Manager templates
 
@@ -197,7 +191,7 @@ A basic Azure Resource Manager template that deploys a Managed Application with
 
 ## Granting access to Azure resources
 
-Once a Managed Application is granted an identity, it can be granted access to existing azure resources. This process can be done through the Access control (IAM) interface in the Azure portal. The name of the Managed Application or **user-assigned identity** can be searched to add a role assignment.
+Once a Managed Application is granted an identity, it can be granted access to existing Azure resources. This process can be done through the Access control (IAM) interface in the Azure portal. The name of the Managed Application or **user-assigned identity** can be searched to add a role assignment.
 
 ![Add role assignment for Managed Application](./media/publish-managed-identity/identity-role-assignment.png)
 
@@ -212,7 +206,7 @@ Managed Identity can also be used to deploy a Managed Application that requires
 
 When linking the deployment of the Managed Application to existing resources, both the existing Azure resource and a **user-assigned identity** with the applicable role assignment on that resource must be provided.
 
- A sample CreateUIDefinition that requires two inputs: a network interface resource ID and a user assigned identity resource id.
+ A sample CreateUIDefinition that requires two inputs: a network interface resource ID and a user assigned identity resource ID.
 
 ```json
 {