Assign a managed identity to an Event Grid custom topic or domain

This article shows you how to assign a system-assigned or a user-assigned identity to an Event Grid custom topic or a domain. To learn about managed identities, see What are managed identities for Azure resources.

Important

You can enable either a system-assigned identity or a user-assigned identity for an Event Grid topic or domain, but not both. A topic or domain can have at most two user-assigned identities.

Enable identity when creating a topic or domain

You can assign a system-assigned identity or a user-assigned identity to a custom topic or domain while creating it in the Azure portal.

Enable system-assigned identity

On the Advanced tab of the topic or domain creation wizard, select Enable system assigned identity.

Image showing the Enable system assigned identity option selected.

Enable user-assigned identity

  1. On the Advanced page of the topic or domain creation wizard, select Enable user-assigned identity, and then select Add user assigned identity.

    Image showing the Enable user assigned identity option selected.

  2. In the Select user assigned identity window, select the subscription that has the user-assigned identity, select the user-assigned identity, and then click Select.

Enable identity for an existing custom topic or domain

In this section, you learn how to enable a system-assigned identity or a user-assigned identity for an existing custom topic or domain.

The following procedure shows you how to enable system-assigned identity for a custom topic. The steps for enabling an identity for a domain are similar.

  1. Go to the Azure portal.
  2. Search for event grid topics in the search bar at the top.
  3. Select the custom topic for which you want to enable the managed identity.
  4. Select Identity on the left menu.

To assign a system-assigned identity to a topic

  1. In the System assigned tab, turn on the switch to enable the identity.

  2. Select Save on the toolbar to save the setting.

    Identity page for a custom topic

To assign a user-assigned identity to a topic

  1. Create a user-assigned identity by following instructions in the Manage user-assigned managed identities article.

  2. On the Identity page, switch to the User assigned tab in the right pane, and then select + Add on the toolbar.

    Image showing the User Assigned Identity tab

  3. In the Add user managed identity window, follow these steps:

    1. Select the Azure subscription that has the user-assigned identity.
    2. Select the user-assigned identity.
    3. Select Add.
  4. Refresh the list in the User assigned tab to see the added user-assigned identity.

You can use similar steps to enable an identity for an Event Grid domain.
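
To verify the result across many topics and domains, the following added example (not part of the original article) audits an exported resource inventory against the rules in the Important note: either system-assigned or user-assigned, not both, and at most two user-assigned identities. It also flags resources with no managed identity. The layout of the `identity` block (`type`, `userAssignedIdentities`) is an assumption based on the usual ARM resource shape, and all names and IDs are constructed placeholders.

```python
import json

MAX_USER_ASSIGNED = 2  # limit stated in the Important note on this page

# Constructed sample inventory. The "identity" layout is an assumption
# (usual ARM shape); names and identity IDs are placeholders.
SAMPLE = json.loads("""
[
  {"name": "orders-topic", "identity": {"type": "SystemAssigned"}},
  {"name": "audit-topic", "identity": {"type": "UserAssigned",
      "userAssignedIdentities": {"/placeholder/id-a": {}, "/placeholder/id-b": {},
                                 "/placeholder/id-c": {}}}},
  {"name": "legacy-topic", "identity": {"type": "None"}},
  {"name": "mixed-domain", "identity": {"type": "SystemAssigned, UserAssigned",
      "userAssignedIdentities": {"/placeholder/id-a": {}}}},
  {"name": "bare-topic"}
]
""")


def audit_identity(resource):
    """Return a list of findings for one topic or domain (empty means OK)."""
    identity = resource.get("identity") or {}
    # Split a combined value such as "SystemAssigned, UserAssigned" into kinds.
    raw = str(identity.get("type", "None"))
    kinds = {k.strip().lower() for k in raw.split(",")} - {"none", ""}
    user_ids = identity.get("userAssignedIdentities") or {}
    findings = []
    if not kinds:
        findings.append("no managed identity enabled")
    if {"systemassigned", "userassigned"} <= kinds:
        findings.append("both system-assigned and user-assigned enabled")
    if "userassigned" in kinds and not user_ids:
        findings.append("user-assigned type set but no identity attached")
    if len(user_ids) > MAX_USER_ASSIGNED:
        findings.append(
            f"{len(user_ids)} user-assigned identities (max {MAX_USER_ASSIGNED})")
    return findings


def audit_all(resources):
    """Map each resource name to its findings."""
    return {r.get("name", "<unnamed>"): audit_identity(r) for r in resources}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```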

Next steps

Add the identity to an appropriate role (for example, Service Bus Data Sender) on the destination (for example, a Service Bus queue). For detailed steps, see Grant managed identity the access to Event Grid destination.