Azure Functions and Managed Service Identity

    #ServerlessTips - Azure Functions
    Author: Steef-Jan Wiggers Azure MVP

    A managed identity from Azure Active Directory (AAD) allows an Azure Function App to access other AAD-protected resources such as Key Vault. You can assign a system-assigned identity tied to your Function App: in the Azure Portal, under Platform features, click Identity and switch System assigned to On. Next, click Save, and the Function App will be registered with AAD.
    Azure Function Tip 29 - Picture 1.png
    Once the Function App is registered, you can grant permissions to access resources protected by Azure AD such as Azure Key Vault.
    Azure Function Tip 29 - Picture 2.png

    When you delete the Function App, the system-assigned managed identity tied to it will be removed too.

    Besides a system-assigned managed identity, you can also add a user-assigned identity to your Function App. Moreover, you can assign multiple user-assigned identities to your Function App, while you can only have one system-assigned identity.
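
How code inside the Function App uses the identity once it is enabled, as an added example that is not part of the original article: it asks the platform's local identity endpoint for a token and presents that token to Key Vault. The vault name, secret name, endpoint value and header value are constructed placeholders; `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` are the variables App Service and Functions set when an identity is assigned.

```python
import json
import os
import urllib.parse
import urllib.request

API_VERSION = "2019-08-01"  # version of the App Service / Functions identity endpoint
KEY_VAULT_RESOURCE = "https://vault.azure.net"


def build_token_request(resource, client_id=None, env=None):
    """Build the token request sent to the local managed identity endpoint."""
    env = os.environ if env is None else env
    try:
        endpoint, secret = env["IDENTITY_ENDPOINT"], env["IDENTITY_HEADER"]
    except KeyError as missing:
        # Both variables are absent when no identity is enabled on the app.
        raise RuntimeError(f"{missing.args[0]} not set: no managed identity") from None
    params = {"resource": resource, "api-version": API_VERSION}
    if client_id:
        # Selects one user-assigned identity; omit it for the system-assigned one.
        params["client_id"] = client_id
    url = f"{endpoint}?{urllib.parse.urlencode(params)}"
    return urllib.request.Request(url, headers={"X-IDENTITY-HEADER": secret})


def get_token(resource, client_id=None, env=None, opener=urllib.request.urlopen):
    """Return a bearer token for `resource`; no secret is kept in app settings."""
    request = build_token_request(resource, client_id, env)
    with opener(request, timeout=5) as response:
        return json.load(response)["access_token"]


def build_secret_request(vault_name, secret_name, token):
    """Build the Key Vault Get Secret request authorised by the identity's token."""
    name = urllib.parse.quote(secret_name, safe="")
    url = f"https://{vault_name}.vault.azure.net/secrets/{name}?api-version=7.4"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


if __name__ == "__main__":
    # Constructed values so the request shapes can be inspected outside Azure.
    sample_env = {
        "IDENTITY_ENDPOINT": "http://127.0.0.1:41741/msi/token",
        "IDENTITY_HEADER": "constructed-header-value",
    }
    print(build_token_request(KEY_VAULT_RESOURCE, env=sample_env).full_url)
    print(build_secret_request("example-vault", "example-secret", "TOKEN").full_url)
```

The Key Vault call succeeds only after the identity has been granted access to the vault, as described above.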

    You can add system-assigned or user-assigned identities for Function Apps using the Portal, as shown in the first picture. However, you could also use the Command-Line Interface (CLI), PowerShell, or an ARM template (see Microsoft Docs - How to use managed identities for App Service and Azure Functions).

