2

Setting a system-assigned managed identity in Azure API Management is easy - just flip the toggle in the blade, or use the following code snippet in your ARM template:

```json
"identity" : {
    "type" : "SystemAssigned"
}
```

However, I have several instances of API management, and I want them all to use the same identity, for which the normal Azure solution is a user-assigned MSI.

However, I can't find anything that suggests how to add a reference to a user-assigned MSI to my Azure APIM instance or to set it up in the portal.

GarethJ

2 Answers

2

This is currently in Preview. Here is the link to the official documentation:

Services that support managed identities for Azure resources

Thomas
  • Update: It is now implemented and in "Preview", but having tried it out, it is not being made use of when e.g. retrieving a certificate from a Key Vault, in which context only the System Assigned identity is used. – sirlatrom May 06 '20 at 08:42
1

User Assigned Managed Identity for API management is not yet supported

If you want to read more or check supported services, feel free to check my article on Managed Identities: https://marczak.io/posts/2019/07/securing-websites-with-msi/

Adam Marczak
  • The feature is being worked on right now, so expect it soon. – Vitaliy Kurokhtin Aug 30 '19 at 09:23
  • I wonder why my response is being downvoted even if it answers the OP's question. – Adam Marczak Aug 30 '19 at 23:14
  • It seems that is supported for App Services. However, I can't make it work. I'm using an ARM template to provision an App Service and link it to an existing user-assigned managed identity but in the best case the App Service is provisioned but without any identities linked. – MauriR Nov 21 '19 at 19:19
  • @MauriR Refer to [this documentation](https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#using-the-rest-protocol) on how to choose a user-assigned identity for an App Service. Note that you _must_ provide one or more of the `client_id`, `principal_id` or `mi_res_id` query parameters or else the system assigned identity is used. – sirlatrom May 06 '20 at 08:59
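
The point made in the last comment, as an added example (not code from this thread or from Microsoft): a Python helper that builds an App Service managed-identity token request and refuses to build one without an identity selector, since such a request would be answered with a token for the system-assigned identity. The `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` variables, the `X-IDENTITY-HEADER` header and the `2019-08-01` API version are assumptions taken from the App Service REST protocol; the sample values are constructed, and accepting exactly one selector is this example's choice.

```python
import os
from urllib.parse import urlencode, urlsplit, parse_qs

API_VERSION = "2019-08-01"  # assumption: App Service identity endpoint version
SELECTORS = ("client_id", "principal_id", "mi_res_id")  # names from the comment above


def build_token_request(resource, env=None, **selector):
    """Return (url, headers) for a token request as a user-assigned identity.

    Refuses to build a request with no selector, because such a request
    would be answered with a token for the system-assigned identity.
    """
    env = os.environ if env is None else env
    unknown = set(selector) - set(SELECTORS)
    if unknown:
        raise ValueError(f"unknown identity selector(s): {sorted(unknown)}")
    chosen = {k: v for k, v in selector.items() if v}
    if len(chosen) != 1:
        raise ValueError("pass exactly one of client_id, principal_id, mi_res_id")
    query = {"resource": resource, "api-version": API_VERSION, **chosen}
    url = f"{env['IDENTITY_ENDPOINT']}?{urlencode(query)}"
    return url, {"X-IDENTITY-HEADER": env["IDENTITY_HEADER"]}


def selected_identity(url):
    """Audit helper: report which identity a token URL will resolve to."""
    params = parse_qs(urlsplit(url).query)
    for name in SELECTORS:
        if name in params:
            return name, params[name][0]
    return "system-assigned", None


# Constructed sample values; on App Service the platform injects the real ones.
SAMPLE_ENV = {
    "IDENTITY_ENDPOINT": "http://127.0.0.1:41741/msi/token",
    "IDENTITY_HEADER": "constructed-header-value",
}

if __name__ == "__main__":
    url, headers = build_token_request(
        "https://vault.azure.net",
        env=SAMPLE_ENV,
        client_id="00000000-0000-0000-0000-000000000001",  # constructed
    )
    print(url)
    print(selected_identity(url))
```

`selected_identity` can also be run over token URLs found in existing code or logs to spot calls that fall back to the system-assigned identity.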