Assign a managed identity to an Event Grid custom topic or domain
This article shows you how to assign a system-assigned or a user-assigned identity to an Event Grid custom topic or a domain. To learn about managed identities, see What are managed identities for Azure resources.
You can enable either system-assigned identity or user-assigned identity for an Event Grid topic or domain, but not both. You can have at most two user-assigned identities assigned to a topic or domain.
Enable identity when creating a topic or domain
You can assign a system-assigned identity or a user-assigned identity to a custom topic or domain while creating it in the Azure portal.
Enable system-assigned identity
On the Advanced tab of the topic or domain creation wizard, select Enable system assigned identity.
Enable user-assigned identity
On the Advanced page of the topic or domain creation wizard, select Enable user-assigned identity, and then select Add user assigned identity.
In the Select user assigned identity window, select the subscription that has the user-assigned identity, select the user-assigned identity, and then click Select.
Enable identity for an existing custom topic or domain
In this section, you learn how to enable a system-assigned identity or a user-assigned identity for an existing custom topic or domain.
The following procedure shows you how to enable system-assigned identity for a custom topic. The steps for enabling an identity for a domain are similar.
- Go to the Azure portal.
- Search for event grid topics in the search bar at the top.
- Select the custom topic for which you want to enable the managed identity.
- Select Identity on the left menu.
To assign a system-assigned identity to a topic
In the System assigned tab, turn on the switch to enable the identity.
Select Save on the toolbar to save the setting.
To assign a user-assigned identity to a topic
Create a user-assigned identity by following instructions in the Manage user-assigned managed identities article.
On the Identity page, switch to the User assigned tab in the right pane, and then select + Add on the toolbar.
In the Add user managed identity window, follow these steps:
- Select the Azure subscription that has the user-assigned identity.
- Select the user-assigned identity.
- Select Add.
Refresh the list in the User assigned tab to see the added user-assigned identity.
You can use similar steps to enable an identity for an event grid domain.
Add the identity to an appropriate role (for example, Service Bus Data Sender) on the destination (for example, a Service Bus queue). For detailed steps, see Grant managed identity the access to Event Grid destination.