Create, list or delete a user-assigned managed identity using the Azure CLI

User-assigned managed identities are a preview feature of Azure Active Directory. Make sure you review the known issues before you begin. For more information about previews, see Supplemental Terms of Use for Microsoft Azure Previews.

Managed identities for Azure resources provides Azure services with a managed identity in Azure Active Directory. You can use this identity to authenticate to services that support Azure AD authentication, without needing credentials in your code.

In this article, you learn how to create, list and delete a user-assigned managed identity using Azure CLI.

Prerequisites

Open Azure Cloud Shell

Azure Cloud Shell is a free, interactive shell that you can use to run the steps in this article. Common Azure tools are preinstalled and configured in Cloud Shell for you to use with your account. Just select the Copy button to copy the code, paste it in Cloud Shell, and then press Enter to run it. There are a few ways to open Cloud Shell:

Select Try It in the upper-right corner of a code block.
Open Cloud Shell in your browser: https://shell.azure.com/bash
Select the Cloud Shell button on the menu in the upper-right corner of the Azure portal.

Create a user-assigned managed identity

To create a user-assigned managed identity, use the az identity create command. The -g parameter specifies the resource group in which to create the user-assigned managed identity, and the -n parameter specifies its name. Replace the <RESOURCE GROUP> and <USER ASSIGNED IDENTITY NAME> parameter values with your own values:

Important

When creating user-assigned identities, only alphanumeric characters (0-9, a-z, A-Z) and the hyphen (-) are supported. Additionally, the name should be limited to 24 characters in length for the assignment to VM/VMSS to work properly. Check back for updates. For more information, see FAQs and known issues.

az identity create -g <RESOURCE GROUP> -n <USER ASSIGNED IDENTITY NAME>
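
The naming rule in the Important note can be checked locally before the create command runs, so that a name which would later fail VM/VMSS assignment is rejected up front. This is an added example, not part of the original article or the Azure CLI; the function names validate_identity_name and create_identity and the AZ override variable are assumptions made for this sketch.

```bash
# Added example: enforce the article's naming rule before az identity create.
# Function names and the AZ override are hypothetical, not Azure CLI features.

MAX_NAME_LEN=24   # limit stated in the article for VM/VMSS assignment

# Returns 0 if the name is acceptable, 1 if it is empty,
# 2 if it contains an unsupported character, 3 if it is too long.
validate_identity_name() (
    LC_ALL=C          # keep the a-z / A-Z ranges ASCII-only
    name=$1
    if [ -z "$name" ]; then
        echo "identity name is empty" >&2
        return 1
    fi
    case $name in
        *[!0-9a-zA-Z-]*)
            echo "only 0-9, a-z, A-Z and '-' are supported: $name" >&2
            return 2 ;;
    esac
    if [ "${#name}" -gt "$MAX_NAME_LEN" ]; then
        echo "name is ${#name} characters, limit is $MAX_NAME_LEN" >&2
        return 3
    fi
    return 0
)

# Validates the name, then runs the same command the article shows.
# Setting AZ to a stub (for example AZ=echo) gives a dry run.
create_identity() {
    rg=$1
    name=$2
    validate_identity_name "$name" || return $?
    "${AZ:-az}" identity create -g "$rg" -n "$name"
}

# Usage: create_identity <RESOURCE GROUP> <USER ASSIGNED IDENTITY NAME>
```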

List user-assigned managed identities

To list user-assigned managed identities, use the az identity list command. Replace the <RESOURCE GROUP> with your own value:

az identity list -g <RESOURCE GROUP>

In the JSON response, user-assigned managed identities have the value "Microsoft.ManagedIdentity/userAssignedIdentities" for the key type.

"type": "Microsoft.ManagedIdentity/userAssignedIdentities"

Delete a user-assigned managed identity

To delete a user-assigned managed identity, use the az identity delete command. The -n parameter specifies its name and the -g parameter specifies the resource group where the user-assigned managed identity was created. Replace the <USER ASSIGNED IDENTITY NAME> and <RESOURCE GROUP> parameter values with your own values:

az identity delete -n <USER ASSIGNED IDENTITY NAME> -g <RESOURCE GROUP>

Note

Deleting a user-assigned managed identity does not remove the reference to it from any resource it was assigned to. Remove those references from the VM/VMSS using the az vm/vmss identity remove command.

Next steps

For a full list of Azure CLI identity commands, see az identity.

For information on how to assign a user-assigned managed identity to an Azure VM, see Configure managed identities for Azure resources on an Azure VM using Azure CLI.