Create, list, delete or assign a role to a user-assigned managed identity using the Azure portal

User-assigned managed identities are a preview feature of Azure Active Directory. Make sure you review the known issues before you begin. For more information about previews, see Supplemental Terms of Use for Microsoft Azure Previews.

Managed identities for Azure resources provides Azure services with a managed identity in Azure Active Directory. You can use this identity to authenticate to services that support Azure AD authentication, without needing credentials in your code.

In this article, you learn how to create, list, delete or assign a role to a user-assigned managed identity using the Azure portal.

Prerequisites

Create a user-assigned managed identity

To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.

  1. Sign in to the Azure portal using an account associated with the Azure subscription to create the user-assigned managed identity.
  2. In the search box, type Managed Identities, and under Services, click Managed Identities.
  3. Click Add and enter values in the following fields in the Create user assigned managed identity pane:
    • Resource Name: This is the name for your user-assigned managed identity, for example UAI1.
    • Subscription: Choose the subscription to create the user-assigned managed identity under.
    • Resource Group: Create a new resource group to contain your user-assigned managed identity, or choose Use existing to create the user-assigned managed identity in an existing resource group.
    • Location: Choose a location to deploy the user-assigned managed identity, for example West US.
  4. Click Create.

List user-assigned managed identities

To list/read a user-assigned managed identity, your account needs the Managed Identity Operator or Managed Identity Contributor role assignment.

  1. Sign in to the Azure portal using an account associated with the Azure subscription to list the user-assigned managed identities.
  2. In the search box, type Managed Identities, and under Services, click Managed Identities.
  3. A list of the user-assigned managed identities for your subscription is returned. To see the details of a user-assigned managed identity, click its name.

Delete a user-assigned managed identity

To delete a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.

Deleting a user-assigned identity does not remove it from the VM or resource it was assigned to. To remove the user-assigned identity from a VM, see Remove a user-assigned managed identity from a VM.

  1. Sign in to the Azure portal using an account associated with the Azure subscription to delete a user-assigned managed identity.
  2. Select the user-assigned managed identity and click Delete.
  3. In the confirmation box, choose Yes.
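
Because deleting the identity leaves the reference on the VM in place, it is worth checking for VMs that still point at an identity that is gone. The following is an added example, not part of the original article: it assumes you have exported `az identity list -o json` and `az vm list -o json`, and the sample data, subscription ID and function names are constructed for illustration.

```python
import json

# Constructed sample data shaped like `az identity list -o json` and
# `az vm list -o json`. The subscription ID, resource groups and VM names
# are placeholders, not values from the article.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
PROVIDER = "providers/Microsoft.ManagedIdentity/userAssignedIdentities"
IDENTITIES_JSON = json.dumps([
    {"id": f"{SUB}/resourcegroups/rg1/{PROVIDER}/UAI1", "name": "UAI1"},
])
VMS_JSON = json.dumps([
    # Same identity as above, different casing: must NOT be reported.
    {"name": "vm-a", "identity": {"type": "UserAssigned", "userAssignedIdentities": {
        f"{SUB}/resourceGroups/RG1/{PROVIDER}/uai1": {}}}},
    # References an identity that is not in the identity list: reported.
    {"name": "vm-b", "identity": {"type": "SystemAssigned, UserAssigned", "userAssignedIdentities": {
        f"{SUB}/resourceGroups/rg1/{PROVIDER}/UAI2": {}}}},
    # VM with no identity block at all.
    {"name": "vm-c", "identity": None},
])

def normalize(resource_id):
    """Azure resource IDs are case-insensitive; compare lowercased, no trailing slash."""
    return resource_id.strip().rstrip("/").lower()

def dangling_identity_refs(identities, vms):
    """Return (vm_name, identity_id) pairs whose identity is absent from `identities`."""
    existing = {normalize(i["id"]) for i in identities}
    findings = []
    for vm in vms:
        identity = vm.get("identity") or {}
        assigned = identity.get("userAssignedIdentities") or {}
        for ref in assigned:
            if normalize(ref) not in existing:
                findings.append((vm["name"], ref))
    return findings

def audit(identities_json=IDENTITIES_JSON, vms_json=VMS_JSON):
    """Parse both exports and return the dangling references."""
    return dangling_identity_refs(json.loads(identities_json), json.loads(vms_json))

if __name__ == "__main__":
    for vm_name, ref in audit():
        print(f"{vm_name}: references identity not found in the identity list: {ref}")
```

A finding means the identity is missing from the list you supplied, so export identities from every subscription the VMs may reference before treating a result as a deleted identity.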

Assign a role to a user-assigned managed identity

To assign a role to a user-assigned managed identity, your account needs the User Access Administrator role assignment.

  1. Sign in to the Azure portal using an account associated with the Azure subscription to list the user-assigned managed identities.

  2. In the search box, type Managed Identities, and under Services, click Managed Identities.

  3. A list of the user-assigned managed identities for your subscription is returned. Select the user-assigned managed identity to which you want to assign a role.

  4. Select Access control (IAM) and then select Add role assignment.

  5. In the Add role assignment blade, configure the following values and then click Save:

    • Role - the role to assign
    • Assign access to - the resource to assign the user-assigned managed identity
    • Select - the member to assign access