
how-to-assign-app-role-managed-identity.md

title: Assign a managed identity to an application role
description: Step-by-step instructions for assigning a managed identity access to another application's role.
author: rwike77
manager: CelesteDG
ms.service: entra-id
ms.subservice: managed-identities
ms.topic: how-to
ms.tgt_pltfrm: na
ms.date: 03/14/2025
ms.author: ryanwi
ms.custom: has-azure-ad-ps-ref, devx-track-azurepowershell, devx-track-azurecli
appliesto:
zone_pivot_groups: identity-mi-app-role

Assign a managed identity access to an application role

Managed identities for Azure resources provide Azure services with an identity in Microsoft Entra ID. They work without needing credentials in your code. Azure services use this identity to authenticate to services that support Microsoft Entra authentication. Application roles provide a form of role-based access control, and allow a service to implement authorization rules.

Note

The tokens your application receives are cached by the underlying infrastructure. This means that any changes to the managed identity's roles can take significant time to process. For more information, see Limitation of using managed identities for authorization.

In this article, you'll learn how to assign a managed identity to an application role exposed by another application using the Microsoft Graph PowerShell SDK or Azure CLI.

Prerequisites

::: zone pivot="identity-mi-app-role-powershell"
[!INCLUDE how-to-assign-app-role-managed-identity-powershell]
::: zone-end

::: zone pivot="identity-mi-app-role-cli"
[!INCLUDE how-to-assign-app-role-managed-identity-cli]
::: zone-end
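
The assignment described in this article, sketched with the Microsoft Graph PowerShell SDK. This is an added example, not the content of the included files above. Every value in angle brackets is a placeholder to replace, and the pre-checks (a single matching service principal, a role that applications may hold, no existing assignment) are additions made here.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications

# Placeholders (assumptions): replace with values from your own tenant.
$tenantId                = '<tenant-id>'
$managedIdentityObjectId = '<managed-identity-object-id>'  # object ID of the identity's service principal
$serverApplicationName   = '<server-application-name>'     # application that exposes the role
$appRoleName             = '<app-role-name>'               # the role's Value, not its display name

# Request only the delegated scopes needed to read service principals and write the assignment.
Connect-MgGraph -TenantId $tenantId -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

# Resolve the server application's service principal; stop if the name is missing or ambiguous.
$candidates = @(Get-MgServicePrincipal -Filter "displayName eq '$serverApplicationName'")
if ($candidates.Count -ne 1) {
    throw "Expected exactly one service principal named '$serverApplicationName', found $($candidates.Count)."
}
$server = $candidates[0]

# Resolve the role and confirm it is enabled and may be held by applications, not only users.
$appRole = $server.AppRoles | Where-Object { $_.Value -eq $appRoleName -and $_.IsEnabled }
if (-not $appRole) {
    throw "No enabled app role with value '$appRoleName' on '$serverApplicationName'."
}
if ($appRole.AllowedMemberTypes -notcontains 'Application') {
    throw "App role '$appRoleName' does not allow application (service principal) members."
}

# Skip the write when the managed identity already holds this role on this resource.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $server.Id -All |
    Where-Object { $_.PrincipalId -eq $managedIdentityObjectId -and $_.AppRoleId -eq $appRole.Id }

if ($existing) {
    Write-Output "Already assigned (assignment ID $($existing.Id)); nothing to do."
}
else {
    # Assign the managed identity access to the app role.
    New-MgServicePrincipalAppRoleAssignment `
        -ServicePrincipalId $server.Id `
        -PrincipalId $managedIdentityObjectId `
        -ResourceId $server.Id `
        -AppRoleId $appRole.Id
}

# Review every app role the managed identity now holds, to confirm nothing broader is granted.
# Tokens are cached, so a new or removed role can take time to show up in issued tokens.
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityObjectId -All |
    Select-Object ResourceDisplayName, AppRoleId, CreatedDateTime
```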

Next steps