Azure Functions and Managed Service Identity
A managed identity from Azure Active Directory (AAD) allows an Azure Function App to access other AAD-protected resources such as Key Vault. You can assign a system-assigned identity tied to your Function App: in the Azure Portal, under Platform features, click Identity and switch System assigned to On. Next, click Save, and the Function App will be registered with AAD.
Once the Function App is registered, you can grant permissions to access resources protected by Azure AD such as Azure Key Vault.
When you delete the Function App, the system-assigned managed identity tied to it will be removed too.
Besides a system-assigned managed identity, you can also add a user-assigned identity to your Function App. Moreover, you can assign multiple user-assigned identities to your Function App, whereas it can have only one system-assigned identity.
You can add system-assigned or user-assigned identities for Function Apps using the Portal, as shown in the first picture. However, you could also use the Command-Line Interface (CLI), PowerShell, or an ARM Template (see Microsoft Docs - How to use managed identities for App Service and Azure Functions).
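
The portal steps above, done with the Azure CLI, as an added example that is not from the original article or from Microsoft Docs: it enables the system-assigned identity, captures its principal id, and grants that identity only the `get` permission on Key Vault secrets. The function names and the three positional arguments are assumptions, and the grant assumes a vault that uses access policies rather than the Azure RBAC permission model.

```shell
#!/usr/bin/env bash
# Added example: enable a system-assigned identity on a Function App and give
# it read-only access to Key Vault secrets. All resource names are placeholders.

# Enable the system-assigned identity and print its AAD principal (object) id.
enable_system_identity() {
  local app="$1" rg="$2"
  az functionapp identity assign \
    --name "$app" --resource-group "$rg" \
    --query principalId --output tsv
}

# Grant the identity only the "get" secret permission (least privilege).
# Assumption: the vault uses access policies, not the Azure RBAC model.
grant_secret_read() {
  local vault="$1" principal_id="$2"
  az keyvault set-policy \
    --name "$vault" --object-id "$principal_id" \
    --secret-permissions get --output none
}

# Full procedure; stops before touching the vault if no principal id came back.
setup_function_identity() {
  local app="$1" rg="$2" vault="$3" principal_id
  principal_id="$(enable_system_identity "$app" "$rg")" || return 1
  if [ -z "$principal_id" ]; then
    echo "no principalId returned for $app" >&2
    return 1
  fi
  grant_secret_read "$vault" "$principal_id" || return 1
  echo "$principal_id"
}

# Runs only when called as: script <function-app> <resource-group> <key-vault>
if [ "$#" -eq 3 ]; then
  setup_function_identity "$@"
fi
```

Because the identity is deleted together with the Function App, re-run the grant after recreating an app: the new identity gets a different principal id and the old access policy entry no longer applies to it.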