Creating and Assigning Managed Identities Permissions Azure

This Microsoft Azure and Entra ID access management blog post will explain why using managed identities is a good idea and how to create one.

Microsoft-managed identities are a new generation of service accounts that do not require the management of secrets, certificates and keys. There is also no need to use a secrets management solution like Key Vault.

Microsoft Entra ID fully manages a managed identity account and can obtain authentication tokens automatically.

Managed identities do not require a rotation of credentials; they can be assigned to any resource in Azure.

Creating and Assigning Managed Identities Permissions Azure

In our case, we will create a managed identity account on a storage account on a VM and allow it to access an Azure storage account.

Open the VM in the Azure portal to create a managed identity for an Azure Virtual machine.

Click on Identity under Security

Select which type of managed identity you would like to assign.

System assigned

System-assigned identity is limited to one identity per resource but gets deleted when the resource is removed from Azure.

User assigned

A user-assigned identity can manage multiple resources and doesn’t get deleted when the resource gets deleted.

Access Resources

Once the identity has been created, it is time to use it and give it access. In our case, we created a system-assigned identity on a virtual machine (resource).

We will give the reader access to an Azure Key vault, as shown in the diagram below.

Open the Azure Key Vault resource

Click on Access Control (IAM)

Click Add

Select Add Role assignment

From the menu, select

Click Next

Click on Assign access to:

Managed identity

From the Select Members menu, locate the new identity and click Add.

After assigning the permissions, the VM can read secrets stored inside the Azure Key Vault.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.