Azure Functions and Managed Service Identity
  • 09 Sep 2022

#ServerlessTips - Azure Functions
Author: Steef-Jan Wiggers Azure MVP

A managed identity from Azure Active Directory (AAD) allows an Azure Function App to access other AAD-protected resources such as Key Vault. You can assign a system-assigned identity that is tied to your Function App: in the Azure Portal, under Platform features, click Identity and switch System assigned to On. Next, click Save, and the Function App will be registered with AAD.
Azure Function Tip 29 - Picture 1.png
Once the Function App is registered, you can grant permissions to access resources protected by Azure AD such as Azure Key Vault.
Azure Function Tip 29 - Picture 2.png

When you delete the Function App, the system-assigned managed identity tied to it will be removed too.

Besides a system-assigned managed identity, you can also add a user-assigned identity to your Function App. Moreover, you can assign multiple user-assigned identities to your Function App, while it can have only one system-assigned identity.

You can add system-assigned or user-assigned identities to Function Apps using the Portal, as shown in the first picture. However, you could also use the Azure Command-Line Interface (CLI), PowerShell, or an ARM template (see Microsoft Docs - How to use managed identities for App Service and Azure Functions).
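
The portal steps described above, done with the Azure CLI and limited to read-only secret access, as an added example that is not part of the original article. It assumes the Key Vault uses the access-policy permission model and that you are already logged in with `az login`; the function names and the app, resource group and vault names passed in are placeholders chosen here.

```bash
#!/bin/sh
# Added example: enable a Function App's system-assigned identity and give it
# least-privilege access to one Key Vault. All resource names are placeholders.

# Step 1: switch "System assigned" to On and print the identity's principal ID.
# $1 = Function App name, $2 = resource group
enable_system_identity() {
  az functionapp identity assign --name "$1" --resource-group "$2" \
    --query principalId --output tsv
}

# Step 2: allow that principal to read secrets only (no list/set/delete,
# no key or certificate permissions).
# $1 = Key Vault name, $2 = principal (object) ID
grant_secret_read() {
  az keyvault set-policy --name "$1" --object-id "$2" \
    --secret-permissions get --output none
}

# Both steps together. Stops before touching the vault if the CLI did not
# return something shaped like a GUID, so an empty ID is never granted access.
# $1 = Function App name, $2 = resource group, $3 = Key Vault name
bind_function_to_vault() {
  pid="$(enable_system_identity "$1" "$2")" || return 1
  case "$pid" in
    ????????-????-????-????-????????????) ;;
    *) echo "unexpected principalId: '$pid'" >&2; return 1 ;;
  esac
  grant_secret_read "$3" "$pid" || return 1
  printf '%s\n' "$pid"
}

# Usage: bind_function_to_vault <function-app> <resource-group> <key-vault>
```

Because the access policy is keyed to the identity's principal ID, deleting the Function App leaves a stale policy entry in the vault that should be cleaned up separately.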
