|
| 1 | +--- |
| 2 | +title: Enable managed identities on your lab VMs in Azure DevTest Labs |
| 3 | +description: This article shows how a lab owner can enable user-assigned managed identities on your lab virtual machines. |
| 4 | +services: lab-services |
| 5 | +documentationcenter: na |
| 6 | +author: spelluru |
| 7 | +manager: |
| 8 | +editor: '' |
| 9 | + |
| 10 | +ms.service: lab-services |
| 11 | +ms.workload: na |
| 12 | +ms.tgt_pltfrm: na |
| 13 | +ms.devlang: na |
| 14 | +ms.topic: article |
| 15 | +ms.date: 01/03/2020 |
| 16 | +ms.author: spelluru |
| 17 | + |
| 18 | +--- |
| 19 | + |
| 20 | +# Enable user-assigned managed identities on lab virtual machines in Azure DevTest Labs |
| 21 | +As a lab owner, you can enable user-assigned managed identities on your lab virtual machines (VMs) in Azure Dev Test Labs. |
| 22 | + |
| 23 | +A managed identity can be used to authenticate to any service that supports Azure Active Directory (AD) authentication, including Key Vault, without passing any credentials in the code. For more information on managed identities, see [What is managed identities for Azure resources?](../../active-directory/managed-identities-azure-resources/overview.md). |
| 24 | + |
| 25 | +With this feature, lab users can share Azure resources such as Azure SQL Database in the context of the lab where authentication to the resource is taken care by the identity itself. Once configured, every existing/newly created lab VM will be enabled with this identity and the lab user can access resources once logged in to their machine. |
| 26 | + |
| 27 | +> [!NOTE] |
| 28 | +> You can add multiple user assigned managed identities to be enabled on your lab VMs. |
| 29 | +
|
| 30 | +## Use Azure Portal |
| 31 | +To add a user assigned managed identity for lab VMs, follow these steps: |
| 32 | + |
| 33 | +1. [Create a user-assigned managed identity in your subscription](../../active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal.md#create-a-user-assigned-managed-identity) |
| 34 | +1. Navigate to the **Configuration and policies** page for your lab. |
| 35 | +2. Select **Identity (Preview)** on the left menu. |
| 36 | +3. Select the **Virtual machine** tab. |
| 37 | +4. Select **Add** to select an existing identity from a pre-populated dropdown list. |
| 38 | + |
| 39 | +  |
| 40 | +5. Select an existing **user-managed identity** from the dropped-down list, and select **OK**. |
| 41 | + |
| 42 | +  |
| 43 | + |
| 44 | +## Use API |
| 45 | + |
| 46 | +1. After creating an identity, note the resource ID of the identity. It should look like the following sample: |
| 47 | + |
| 48 | + `/subscriptions/0000000000-0000-0000-0000-00000000000000/resourceGroups/<RESOURCE GROUP NAME> /providers/Microsoft.ManagedIdentity/userAssignedIdentities/<NAME of USER IDENTITY>`. |
| 49 | +2. Run a PUT HTTPS method to add a new **ServiceRunner** resource to the lab as shown in the following example. |
| 50 | + |
| 51 | + Service runner resource is a proxy resource to manage and control managed identities in DevTest Labs. The service runner name can be any valid name but we recommend that you use the name of the managed identity resource. |
| 52 | + |
| 53 | + ```json |
| 54 | + { |
| 55 | + "identity": { |
| 56 | + "type": "userAssigned", |
| 57 | + "userAssignedIdentities": { |
| 58 | + "[userAssignedIdentityResourceId]": {} |
| 59 | + } |
| 60 | + }, |
| 61 | + "location": "southeastasia", |
| 62 | + "properties": { |
| 63 | + "identityUsageType": "VirtualMachine" |
| 64 | + } |
| 65 | + } |
| 66 | + ``` |
| 67 | + |
| 68 | +## Next steps |
| 69 | +To learn more about managed identities, see [What is managed identities for Azure resources?](../../active-directory/managed-identities-azure-resources/overview.md). |
| 70 | + |
| 71 | + |
| 72 | + |
| 73 | + |
| 74 | + |
| 75 | + |
| 76 | + |
0 commit comments