Question

GauravVerma-5560 asked (0 Votes):

Limit User managed identity to be used within a Subscription

We have multiple teams within our organisation. Each team has its own Azure subscription under the same AAD tenancy.

Our requirement is to:
1. Create a user managed identity and assign permissions to it.
2. Limit the usage of the user managed identity so that it is allowed only in a specific subscription.

The above is a one-off activity done by the infra team, who have write access to AAD.

Once the user managed identity is created, we want to assign it to the worker nodes spun up by Jenkins to perform automation tasks. This action will be done by application teams who don't have write access to AAD.

We do not want to use a system identity, as it is created every time and application teams don't have rights to assign permissions to the identity.

Tags: azure-ad-privileged-identity-management, azure-ad-identity-governance
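One way to realise the split the question describes, as an added example that is not from the question or the answer, using the Az PowerShell modules. The subscription ID, resource group, identity, VM and AAD group names are placeholders; the identity's own rights are granted at subscription scope, while the application team only receives "Managed Identity Operator" on the identity resource, which is an Azure RBAC grant and needs no directory write access.

```powershell
# Added example (not from the question or answer): least-privilege split between
# the infra team (creates the identity, scopes its rights to ONE subscription)
# and the application team (may only attach that identity to its VMs).
# Requires the Az modules and an authenticated session (Connect-AzAccount).
# Every name and ID below is a placeholder/assumption.

$SubscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder subscription
$ResourceGroup  = 'rg-jenkins-identity'                    # placeholder
$IdentityName   = 'id-jenkins-workers'                     # placeholder
$AppTeamGroup   = 'AppTeam-Jenkins-Operators'              # placeholder AAD group

# ---- Infra team (may create identities and role assignments) ----
Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

$identity = New-AzUserAssignedIdentity -ResourceGroupName $ResourceGroup `
    -Name $IdentityName -Location 'westeurope'

# 1. The identity's own permissions are scoped to this subscription only, so a
#    token issued to it carries no rights in any other team's subscription.
#    Prefer a narrower built-in or custom role than Contributor where possible.
#    New principals take a moment to replicate; retry on PrincipalNotFound.
New-AzRoleAssignment -ObjectId $identity.PrincipalId `
    -RoleDefinitionName 'Contributor' `
    -Scope "/subscriptions/$SubscriptionId" | Out-Null

# 2. Who may ATTACH the identity: 'Managed Identity Operator' on the identity
#    resource itself. This is an RBAC grant on the resource, not on AAD, so the
#    application team needs no directory write access to use it.
$group = Get-AzADGroup -DisplayName $AppTeamGroup
New-AzRoleAssignment -ObjectId $group.Id `
    -RoleDefinitionName 'Managed Identity Operator' `
    -Scope $identity.Id | Out-Null

# ---- Application team (VM rights in its own RG, Operator on the identity) ----
$vm = Get-AzVM -ResourceGroupName 'rg-jenkins-workers' -Name 'jenkins-worker-01'  # placeholders
Update-AzVM -ResourceGroupName 'rg-jenkins-workers' -VM $vm `
    -IdentityType UserAssigned -IdentityId $identity.Id | Out-Null

# ---- Review: anyone who can attach the identity effectively inherits its rights,
#      so keep both lists short and audit them periodically.
Get-AzRoleAssignment -Scope $identity.Id |
    Select-Object DisplayName, RoleDefinitionName, Scope
Get-AzRoleAssignment -ObjectId $identity.PrincipalId |
    Select-Object RoleDefinitionName, Scope
```

The first listing shows who is allowed to attach the identity; the second shows what the identity itself can do and confirms that none of its assignments reach outside the intended subscription.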

1 Answer

som answered (0 Votes):

I think you can use root management groups, and you can assign identities to a particular subscription:
https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
