DEV Community

Avelyn Hyunjeong Choi
Avelyn Hyunjeong Choi

Posted on

System assigned vs User assigned identity in Azure

User assigned identity

  • let the function app to read/manage azure resources
  • can be assigned to multiple resources and we have more flexibility when using user-assigned identity

System assigned identity

  • let the function app to connect to sql db using its own identity instead of username + password, which is less secure
  • solely used by one resource
  • with this, SQL_CONNECTION_STRING in configuration doesn't require to contain username or password. Instead, it sets Authentication to Active Directory Managed Identity
  • to be able to use this, you should

1.enable function app system assigned identity by clicking Identity> Status On

Image description

2.add user assigned identity

Image description

***NOTE: make sure to change IdentityId in configuration to the client (applicaton) Id of the user assigned identity

Image description

Image description

Image description

3.update SQL_CONNECTION_STRING in configuration to use Active Directory Managed Identity

Image description

4.In sql db, create a function app as sql user and make it as db_owner

CREATE USER [function app name] 
FROM EXTERNAL PROVIDER 
WITH DEFAULT_SCHEMA = dbo;  

ALTER ROLE db_owner ADD MEMBER [function app name];
Enter fullscreen mode Exit fullscreen mode

5.you can test your function code by clicking your function app > Code+Test > Test/Run > Run

Image description

6.you can see the result by clicking Monitor

Image description

Top comments (0)