You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,16 +9,14 @@ ms.service: active-directory
9
9
ms.subservice: msi
10
10
ms.topic: how-to
11
11
ms.workload: identity
12
-
ms.date: 02/18/2022
12
+
ms.date: 03/04/2022
13
13
ms.author: barclayn
14
14
ms.custom: devx-track-azurecli
15
15
zone_pivot_groups: identity-mi-methods
16
16
---
17
17
18
18
# Manage user-assigned managed identities
19
19
20
-
21
-
22
20
Managed identities for Azure resources eliminate the need to manage credentials in code. You can use them to get an Azure Active Directory (Azure AD) token for your applications. The applications can use the token when accessing resources that support Azure AD authentication. Azure manages the identity so you don't have to.
23
21
24
22
There are two types of managed identities: system-assigned and user-assigned. System-assigned managed identities have their lifecycle tied to the resource that created them. User-assigned managed identities can be used on multiple resources. To learn more about managed identities, see [What are managed identities for Azure resources?](overview.md).
@@ -76,13 +74,13 @@ Deleting a user-assigned identity doesn't remove it from the VM or resource it w
76
74
77
75
:::image type="content" source="media/how-manage-user-assigned-managed-identities/delete-user-assigned-managed-identity-portal.png" alt-text="Screenshot that shows the Delete user-assigned managed identities.":::
78
76
79
-
## Assign a role to a user-assigned managed identity
77
+
## Manage access to user-assigned managed identities
80
78
81
-
To assign a role to a user-assigned managed identity, your account needs the [User Access Administrator](../../role-based-access-control/built-in-roles.md#user-access-administrator) role assignment.
79
+
In some environments, administrators choose to limit who can manage user-assigned managed identities. You do this by using [built-in](../../role-based-access-control/built-in-roles.md#identity) RBAC roles. You can use these roles to grant a user or group in your organization rights over a user-assigned managed identity.
82
80
83
81
1. Sign in to the [Azure portal](https://portal.azure.com).
84
82
1. In the search box, enter **Managed Identities**. Under **Services**, select **Managed Identities**.
85
-
1. A list of the user-assigned managed identities for your subscription is returned. Select the user-assigned managed identity that you want to assign a role.
83
+
1. A list of the user-assigned managed identities for your subscription is returned. Select the user-assigned managed identity that you want to manage.
86
84
1. Select **Azure role assignments**, and then select **Add role assignment**.
87
85
1. In the **Add role assignment** pane, configure the following values, and then select **Save**:
88
86
-**Role**: The role to assign.
@@ -91,6 +89,8 @@ To assign a role to a user-assigned managed identity, your account needs the [Us
91
89
92
90
93
91
92
+
>[!NOTE]
93
+
>You can information on assigning roles to managed identities in [Assign a managed identity access to a resource by using the Azure portal](../../role-based-access-control/role-assignments-portal-managed-identity.md)
Copy file name to clipboardExpand all lines: articles/application-gateway/key-vault-certs.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ services: application-gateway
5
5
author: vhorne
6
6
ms.service: application-gateway
7
7
ms.topic: conceptual
8
-
ms.date: 01/31/2022
8
+
ms.date: 03/04/2022
9
9
ms.author: victorh
10
10
---
11
11
@@ -70,7 +70,7 @@ Define access policies to use the user-assigned managed identity with your Key V
70
70
1. Select the Key Vault that contains your certificate.
71
71
1. If you're using the permission model **Vault access policy**: Select **Access Policies**, select **+ Add Access Policy**, select **Get** for **Secret permissions**, and choose your user-assigned managed identity for **Select principal**. Then select **Save**.
72
72
73
-
If you're using the permission model **Azure role-based access control**: Select **Access control (IAM)** and [Add a role assignment](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md#assign-a-role-to-a-user-assigned-managed-identity) for the user-assigned managed identity to the Azure Key Vault for the role **Key Vault Secrets User**.
73
+
If you're using **Azure role-based access control** follow the article [Assign a managed identity access to a resource](../active-directory/managed-identities-azure-resources/howto-assign-access-portal.md) and assign the user-assigned managed identity the **Key Vault Secrets User** role to the Azure Key Vault.
0 commit comments