Bicep resource definition
The userAssignedIdentities resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedIdentity/userAssignedIdentities resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.ManagedIdentity/userAssignedIdentities@2022-01-31-preview' = {
  scope: resourceSymbolicName or scope
  location: 'string'
  name: 'string'
  tags: {
    {customized property}: 'string'
  }
}
```
Property Values
Microsoft.ManagedIdentity/userAssignedIdentities
| Name | Description | Value | 
|---|---|---|
| location | The geo-location where the resource lives | string (required) | 
| name | The resource name | string (required) | 
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
TrackedResourceTags
| Name | Description | Value | 
|---|---|---|
Usage Examples
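The following Bicep is an added example, not one of the Microsoft modules or samples listed below: it deploys the identity and grants it the built-in Reader role on the deployment's resource group only. The parameter defaults, the tag values, the choice of Reader and the `Microsoft.Authorization/roleAssignments@2022-04-01` API version are assumptions chosen for illustration.

```bicep
// Added example; parameter defaults and tag values are constructed.
@description('Name of the user-assigned identity (hypothetical default).')
param identityName string = 'id-example-workload'

@description('Region for the identity; defaults to the resource group location.')
param location string = resourceGroup().location

// GUID of the built-in Reader role definition.
var readerRoleId = 'acdd72a7-3385-48ef-bd42-f606fba81ae7'

resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2022-01-31-preview' = {
  name: identityName
  location: location
  tags: {
    owner: 'platform-team'      // constructed value
    purpose: 'example-workload' // constructed value
  }
}

// Least privilege: Reader only, scoped to this resource group
// (the deployment scope), not to the subscription.
resource readerAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name so a redeployment updates the same assignment
  // instead of creating a duplicate.
  name: guid(resourceGroup().id, identity.id, readerRoleId)
  properties: {
    principalId: identity.properties.principalId
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', readerRoleId)
    // Declaring the principal type avoids a failed directory lookup while
    // the newly created service principal is still replicating.
    principalType: 'ServicePrincipal'
  }
}

// Values that consuming resources and role reviews typically need.
output principalId string = identity.properties.principalId
output clientId string = identity.properties.clientId
output identityResourceId string = identity.id
```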
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description | 
|---|---|
| User Assigned Identity | AVM Resource Module for User Assigned Identity | 
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description | 
|---|---|
| AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. | 
| AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault | 
| Azure Container Service (AKS) with Helm | Deploy a managed cluster with Azure Container Service (AKS) with Helm | 
| Azure Image Builder with Azure Windows Baseline | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. | 
| Build container images with ACR Tasks | This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. | 
| Configure Dev Box service | This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. | 
| Create a function app in the Flex Consumption plan | Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration. | 
| Create a user-assigned managed identity and role assignment | This module allows you to create a user-assigned managed identity and a role assignment scoped to the resource group. | 
| Create a WordPress site | This template creates a WordPress site on Container Instance | 
| Create AKS with Prometheus and Grafana with private link | This will create an Azure Grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard | 
| Create an API Management service with SSL from KeyVault | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. | 
| Create an Azure Virtual Network Manager and sample VNETs | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. | 
| Create an on-demand SFTP Server with persistent storage | This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI). | 
| Create Application Gateway with Certificates | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. | 
| Create key vault, managed identity, and role assignment | This template creates a key vault, managed identity, and role assignment. | 
| Creates a Container App and Environment with Registry | Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. | 
| Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. | 
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. | 
| Deploy a simple Azure Spring Apps microservice application | This template deploys a simple Azure Spring Apps microservice application to run on Azure. | 
| Deploy the MedTech service including an Azure IoT Hub | The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service. | 
| Deploys a static website | Deploys a static website with a backing storage account | 
| FinOps hub | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. | 
| Front Door Standard/Premium with static website origin | This template creates a Front Door Standard/Premium and an Azure Storage static website, and configures Front Door to send traffic to the static website. | 
| Import Container Images into ACR | This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. | 
| Network Secured Agent with User Managed Identity | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authentication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. | 
| Testing environment for Azure Firewall Premium | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering | 
| Web App with Managed Identity, SQL Server and AI | Simple example to deploy Azure infrastructure for app + data + managed identity + monitoring | 
ARM template resource definition
The userAssignedIdentities resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedIdentity/userAssignedIdentities resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
  "apiVersion": "2022-01-31-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "{customized property}": "string"
  }
}
```
Property Values
Microsoft.ManagedIdentity/userAssignedIdentities
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2022-01-31-preview' | 
| location | The geo-location where the resource lives | string (required) | 
| name | The resource name | string (required) | 
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates | 
| type | The resource type | 'Microsoft.ManagedIdentity/userAssignedIdentities' | 
TrackedResourceTags
| Name | Description | Value | 
|---|---|---|
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description | 
|---|---|
| AKS Cluster with a NAT Gateway and an Application Gateway | This sample shows how to deploy an AKS cluster with NAT Gateway for outbound connections and an Application Gateway for inbound connections. | 
| AKS cluster with the Application Gateway Ingress Controller | This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault | 
| Azure Container Service (AKS) with Helm | Deploy a managed cluster with Azure Container Service (AKS) with Helm | 
| Azure Image Builder with Azure Windows Baseline | Creates an Azure Image Builder environment and builds a Windows Server image with the latest Windows Updates and Azure Windows Baseline applied. | 
| AzureDatabricks Template with Default Storage Firewall | This template allows you to create a Default Storage Firewall enabled Azure Databricks workspace with private endpoint, all three forms of CMK, and User-Assigned Access Connector. | 
| Build container images with ACR Tasks | This template uses DeploymentScript to orchestrate ACR to build your container image from code repo. | 
| Configure Dev Box service | This template would create all Dev Box admin resources as per Dev Box quick start guide (/azure/dev-box/quickstart-create-dev-box). You can view all resources created, or directly go to DevPortal.microsoft.com to create your first Dev Box. | 
| Create a function app in the Flex Consumption plan | Flex Consumption hosting is recommended for functions that require rapid dynamic scale (including to zero instances), managed identity connections, and virtual network integration. | 
| Create a Private AKS Cluster with a Public DNS Zone | This sample shows how to deploy a private AKS cluster with a Public DNS Zone. | 
| Create a user-assigned managed identity and role assignment | This module allows you to create a user-assigned managed identity and a role assignment scoped to the resource group. | 
| Create a WordPress site | This template creates a WordPress site on Container Instance | 
| Create AKS with Prometheus and Grafana with private link | This will create an Azure Grafana, AKS and install Prometheus, an open-source monitoring and alerting toolkit, on an Azure Kubernetes Service (AKS) cluster. Then you use Azure Managed Grafana's managed private endpoint to connect to this Prometheus server and display the Prometheus data in a Grafana dashboard | 
| Create alert rule for azure business continuity items | This template creates an alert rule and user assigned MSI. It also assigns the MSI reader access to the subscription so that the alert rule has access to query the required protected items and latest recovery point details. | 
| Create an API Management service with SSL from KeyVault | This template deploys an API Management service configured with User Assigned Identity. It uses this identity to fetch SSL certificate from KeyVault and keeps it updated by checking every 4 hours. | 
| Create an Application Gateway V2 with Key Vault | This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. | 
| Create an Azure Virtual Network Manager and sample VNETs | This template deploys an Azure Virtual Network Manager and sample virtual networks into the named resource group. It supports multiple connectivity topologies and network group membership types. | 
| Create an on-demand SFTP Server with persistent storage | This template demonstrates an on-demand SFTP server using an Azure Container Instance (ACI). | 
| Create Application Gateway with Certificates | This template shows how to generate Key Vault self-signed certificates, then reference from Application Gateway. | 
| Create key vault, managed identity, and role assignment | This template creates a key vault, managed identity, and role assignment. | 
| Create ssh-keys and store in KeyVault | This template uses the deploymentScript resource to generate ssh keys and stores the private key in keyVault. | 
| Creates a Container App and Environment with Registry | Create a Container App Environment with a basic Container App from an Azure Container Registry. It also deploys a Log Analytics Workspace to store logs. | 
| Creates a Dapr microservices app using Container Apps | Create a Dapr microservices app using Container Apps. | 
| Creates a Dapr pub-sub servicebus app using Container Apps | Create a Dapr pub-sub servicebus app using Container Apps. | 
| Deploy a simple Azure Spring Apps microservice application | This template deploys a simple Azure Spring Apps microservice application to run on Azure. | 
| Deploy the MedTech service including an Azure IoT Hub | The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service. | 
| Deploys a static website | Deploys a static website with a backing storage account | 
| FinOps hub | This template creates a new FinOps hub instance, including Data Explorer, Data Lake storage, and Data Factory. | 
| Front Door Standard/Premium with static website origin | This template creates a Front Door Standard/Premium and an Azure Storage static website, and configures Front Door to send traffic to the static website. | 
| Import Container Images into ACR | This template leverages the Import ACR module from the bicep registry to import public container images into an Azure Container Registry. | 
| Import VHD Blobs from a ZIP Archive URL | Deploying Virtual Machines based on specialized disk images requires importing VHD files into a Storage Account. If multiple VHD files are compressed in a single ZIP and you have the URL to fetch the ZIP archive, this ARM template eases the job: download, extract, and import into an existing Storage Account blob container. | 
| min.io Azure Gateway | Fully private min.io Azure Gateway deployment to provide an S3 compliant storage API backed by blob storage | 
| Network Secured Agent with User Managed Identity | This set of templates demonstrates how to set up Azure AI Agent Service with virtual network isolation using User Managed Identity authentication for the AI Service/AOAI connection and private network links to connect the agent to your secure data. | 
| RBAC - Create Managed Identity Access on Azure Maps account | This template creates a Managed Identity and assigns it access to a created Azure Maps account. | 
| Testing environment for Azure Firewall Premium | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering | 
| Web App with Managed Identity, SQL Server and AI | Simple example to deploy Azure infrastructure for app + data + managed identity + monitoring | 
Terraform (AzAPI provider) resource definition
The userAssignedIdentities resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ManagedIdentity/userAssignedIdentities resource, add the following Terraform to your template.
```hcl
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ManagedIdentity/userAssignedIdentities@2022-01-31-preview"
  name = "string"
  parent_id = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
}
```
Property Values
Microsoft.ManagedIdentity/userAssignedIdentities
| Name | Description | Value | 
|---|---|---|
| location | The geo-location where the resource lives | string (required) | 
| name | The resource name | string (required) | 
| parent_id | The ID of the resource to apply this extension resource to. | string (required) | 
| tags | Resource tags | Dictionary of tag names and values. | 
| type | The resource type | "Microsoft.ManagedIdentity/userAssignedIdentities@2022-01-31-preview" | 
TrackedResourceTags
| Name | Description | Value | 
|---|---|---|
Usage Examples
Terraform Samples
A basic example of deploying User Assigned Identity.
```hcl
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

# Resource group that will contain the identity.
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

# User-assigned managed identity, created inside the resource group above.
resource "azapi_resource" "userAssignedIdentity" {
  type                      = "Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31"
  parent_id                 = azapi_resource.resourceGroup.id
  name                      = var.resource_name
  location                  = var.location
  # Skips the provider's validation of the request against the resource type schema.
  schema_validation_enabled = false
  # Exports the full API response as this resource's output.
  response_export_values    = ["*"]
}
```
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description | 
|---|---|
| User Assigned Identity | AVM Resource Module for User Assigned Identity |