title | description | author | manager | ms.service | ms.subservice | ms.topic | ms.tgt_pltfrm | ms.date | ms.author | ms.custom | appliesto | zone_pivot_groups |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Assign a managed identity to an application role | Step-by-step instructions for assigning a managed identity access to another application's role. | rwike77 | CelesteDG | entra-id | managed-identities | how-to | na | 03/14/2025 | ryanwi | has-azure-ad-ps-ref, devx-track-azurepowershell, devx-track-azurecli | identity-mi-app-role |
Managed identities for Azure resources provide Azure services with an identity in Microsoft Entra ID. They work without needing credentials in your code. Azure services use this identity to authenticate to services that support Microsoft Entra authentication. Application roles provide a form of role-based access control, and allow a service to implement authorization rules.
> [!NOTE]
> The tokens your application receives are cached by the underlying infrastructure. This means that any changes to the managed identity's roles can take significant time to process. For more information, see Limitation of using managed identities for authorization.
In this article, you'll learn how to assign a managed identity to an application role exposed by another application using the Microsoft Graph PowerShell SDK or Azure CLI.
- If you're unfamiliar with managed identities for Azure resources, see Managed identity for Azure resources overview.
- Review the difference between a system-assigned and user-assigned managed identity.
- If you don't already have an Azure account, sign up for a free account before continuing.
::: zone pivot="identity-mi-app-role-powershell"

[!INCLUDE how-to-assign-app-role-managed-identity-powershell]

::: zone-end

::: zone pivot="identity-mi-app-role-cli"

[!INCLUDE how-to-assign-app-role-managed-identity-cli]

::: zone-end
- Managed identity for Azure resources overview
- To enable managed identity on an Azure VM, see Configure managed identities for Azure resources on an Azure VM.