MicrosoftDocs
diff --git a/‎articles/azure-resource-manager/managed-applications/create-uidefinition-elements.md
Lines changed: 2 additions & 1 deletion b/‎articles/azure-resource-manager/managed-applications/create-uidefinition-elements.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/azure-resource-manager/managed-applications/media/managed-application-elements/microsoft.managedidentity.identityselector1.png
22.1 KB b/‎articles/azure-resource-manager/managed-applications/media/managed-application-elements/microsoft.managedidentity.identityselector1.png
22.1 KB
diff --git a/‎articles/azure-resource-manager/managed-applications/media/managed-application-elements/microsoft.managedidentity.identityselector2.png
25.9 KB b/‎articles/azure-resource-manager/managed-applications/media/managed-application-elements/microsoft.managedidentity.identityselector2.png
25.9 KB
diff --git a/‎articles/azure-resource-manager/managed-applications/media/managed-application-elements/microsoft.managedidentity.identityselector3.png
22 KB b/‎articles/azure-resource-manager/managed-applications/media/managed-application-elements/microsoft.managedidentity.identityselector3.png
22 KB
diff --git a/‎articles/azure-resource-manager/managed-applications/microsoft-managedidentity-identityselector.md
Lines changed: 85 additions & 0 deletions b/‎articles/azure-resource-manager/managed-applications/microsoft-managedidentity-identityselector.md
Lines changed: 85 additions & 0 deletions
diff --git a/‎articles/azure-resource-manager/managed-applications/toc.yml
Lines changed: 4 additions & 0 deletions b/‎articles/azure-resource-manager/managed-applications/toc.yml
Lines changed: 4 additions & 0 deletions
@@ -4,7 +4,7 @@ description: Describes the elements to use when constructing UI definitions for
 author: tfitzmac
 
 ms.topic: conceptual
-ms.date: 11/11/2019
+ms.date: 02/06/2020
 ms.author: tomfitz
 
 ---
@@ -56,6 +56,7 @@ The documentation for each element contains a UI sample, schema, remarks on the
 - [Microsoft.Compute.CredentialsCombo](microsoft-compute-credentialscombo.md)
 - [Microsoft.Compute.SizeSelector](microsoft-compute-sizeselector.md)
 - [Microsoft.Compute.UserNameTextBox](microsoft-compute-usernametextbox.md)
+- [Microsoft.ManagedIdentity.IdentitySelector](microsoft-managedidentity-identityselector.md)
 - [Microsoft.Network.PublicIpAddressCombo](microsoft-network-publicipaddresscombo.md)
 - [Microsoft.Network.VirtualNetworkCombo](microsoft-network-virtualnetworkcombo.md)
 - [Microsoft.Storage.MultiStorageAccountCombo](microsoft-storage-multistorageaccountcombo.md)
 
@@ -0,0 +1,85 @@
+---
+title: IdentitySelector UI element
+description: Describes the Microsoft.ManagedIdentity.IdentitySelector UI element for Azure portal. Use to assign managed identities to a resource.
+author: tfitzmac
+
+ms.topic: conceptual
+ms.date: 02/06/2020
+ms.author: tomfitz
+
+---
+
+# Microsoft.ManagedIdentity.IdentitySelector UI element
+
+A control for assigning [managed identities](../../active-directory/managed-identities-azure-resources/overview.md) for a resource in a deployment.
+
+## UI sample
+
+The control consists of the following elements:
+
+![Microsoft.ManagedIdentity.IdentitySelector first step](./media/managed-application-elements/microsoft.managedidentity.identityselector1.png)
+
+When the user selects **Add**, the following form opens. The user can select one or more user-assigned identities for the resource.
+
+![Microsoft.ManagedIdentity.IdentitySelector second step](./media/managed-application-elements/microsoft.managedidentity.identityselector2.png)
+
+The selected identities are displayed in the table. The user can add or delete items from this table.
+
+![Microsoft.ManagedIdentity.IdentitySelector third step](./media/managed-application-elements/microsoft.managedidentity.identityselector3.png)
+
+## Schema
+
+```json
+{
+  "name": "identity",
+  "type": "Microsoft.ManagedIdentity.IdentitySelector",
+  "label": "Managed Identity Configuration",
+  "toolTip": {
+    "systemAssignedIdentity": "Enable system assigned identity to grant the resource access to other existing resources.",
+    "userAssignedIdentity": "Add user assigned identities to grant the resource access to other existing resources."
+  },
+  "defaultValue": {
+    "systemAssignedIdentity": "Off"
+  },
+  "options": {
+    "hideSystemAssignedIdentity": false,
+    "hideUserAssignedIdentity": false,
+    "systemAssignedIdentityReadOnly": false
+  },
+  "visible": true
+}
+```
+
+## Sample output
+
+```json
+{
+  "identity": {
+    "value": {
+      "type": "UserAssigned",
+      "userAssignedIdentities": {
+        "/subscriptions/xxxx/resourceGroups/TestResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/TestUserIdentity1": {}
+      }
+    }
+  }
+}
+```
+
+## Remarks
+
+- Use **defaultValue.systemAssignedIdentity** to set an initial value for the system assigned identity options control. The default value is **Off**, which indicates no system assigned identity is assigned to the resource.
+- If **options.hideSystemAssignedIdentity** is set to **true**, the UI to configure the system assigned identity isn't displayed. The default value for this option is **false**.
+-	If **options.hideUserAssignedIdentity** is set to **true**, the UI to configure the user assigned identity isn't displayed. The resource isn't assigned a user assigned identity. The default value for this option is **false**.
+- If **options.systemAssignedIdentityReadOnly** is set to **true**, the user can't edit the initial value for the system assigned identity. The default value for this option is **false**.
+- The following default text is displayed in the description below the **system** assigned identity section label. You can override the default text by specifying a message in **toolTip.systemAssignedIdentity**.
+
+   *A system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based-access-control. The lifecycle of this type of managed identity is tied to the lifecycle of this resource. Additionally, each resource (e.g. Virtual Machine) can only have one system assigned managed identity. [Learn more about Managed identities](https://go.microsoft.com/fwlink/?LinkId=854449).*
+
+- The following default text is displayed in the description below the **user** assigned identity section label. You can override the default text by specifying a message in **toolTip.userAssignedIdentity**.
+
+   *User assigned managed identities enable Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. This type of managed identities are created as standalone Azure resources, and have their own lifecycle. A single resource (e.g. Virtual Machine) can utilize multiple user assigned managed identities. Similarly, a single user assigned managed identity can be shared across multiple resources (e.g. Virtual Machine). [Learn more about Managed identities](https://go.microsoft.com/fwlink/?LinkId=854449).*
+
+## Next steps
+
+- For an introduction to creating UI definitions, see [Getting started with CreateUiDefinition](create-uidefinition-overview.md).
+- For a description of common properties in UI elements, see [CreateUiDefinition elements](create-uidefinition-elements.md).
@@ -110,6 +110,10 @@
         href: microsoft-compute-sizeselector.md
       - name: UserNameTextBox
         href: microsoft-compute-usernametextbox.md
+    - name: Managed Identity
+      items:
+      - name: IdentitySelector
+        href: microsoft-managedidentity-identityselector.md
     - name: Network
       items:
       - name: PublicIPAddressCombo