A common problem for developers building cloud-based solutions is managing the credentials needed to connect to various services. Managed Identities eliminate the need to store those credentials: Microsoft provides a mechanism for connecting to services that use Azure Active Directory based authentication, and the managed identity is used to obtain the Azure AD token that authenticates the request.

Types Of Managed Identities

There are two types of managed identities:

  1. System Assigned Managed Identity: a managed identity is created in Azure AD and tied to the service for which it is created. Its lifecycle is bound to that service; if the service is deleted, the system-assigned managed identity is deleted with it.
  2. User Assigned Managed Identity: the user creates a managed identity as an independent Azure resource. Such an identity can be created once and assigned to one or more resources in Azure.

How it works

Internally, managed identities are service principals of a special type that can only be used with Azure resources. When a managed identity is deleted, the internal service principal is removed automatically. When a managed identity is created, the Managed Identity Resource Provider issues an internal certificate to that identity.

The following diagram shows the flow when an Azure Web App accesses an Azure SQL DB using a managed identity:

Accessing Azure SQL DB from Azure Web App Using Managed Identity
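The token flow in the diagram, as an added example in Python (not code from the original post): the web app asks the platform's identity endpoint for an Azure AD token scoped to Azure SQL, then hands that token to the ODBC driver instead of a password. The example assumes it runs inside an Azure App Service, which injects the identity endpoint address and a per-instance secret through the IDENTITY_ENDPOINT and IDENTITY_HEADER environment variables, and that pyodbc with the ODBC Driver for SQL Server is installed; the server name, database name and the sample JSON reply are constructed placeholders. The optional client_id parameter is what selects a specific user-assigned identity when the app carries more than one.

```python
"""Added example (not from the original post): the token flow a Web App uses
to reach Azure SQL DB with a managed identity.

Assumptions: the code runs inside an Azure App Service (IDENTITY_ENDPOINT and
IDENTITY_HEADER are set by the platform) and pyodbc plus the ODBC Driver for
SQL Server are available. Server/database names are placeholders.
"""
import json
import os
import struct
import urllib.parse
import urllib.request

# Audience for Azure SQL Database tokens (the resource URI, not the server name).
SQL_RESOURCE = "https://database.windows.net/"
# ODBC connection attribute used to hand an Azure AD access token to the driver.
SQL_COPT_SS_ACCESS_TOKEN = 1256


def build_token_request(resource, identity_endpoint, identity_header, client_id=None):
    """Build the GET request the App Service identity endpoint expects.

    The X-IDENTITY-HEADER value is a per-instance secret the platform injects,
    so the app never stores a credential of its own. client_id is only needed
    to pick one user-assigned identity when the app has several identities.
    """
    params = {"api-version": "2019-08-01", "resource": resource}
    if client_id:
        params["client_id"] = client_id
    url = identity_endpoint + "?" + urllib.parse.urlencode(params)
    return url, {"X-IDENTITY-HEADER": identity_header}


def parse_token_response(body):
    """Extract the bearer token and its expiry (epoch seconds) from the JSON reply."""
    data = json.loads(body)
    return data["access_token"], int(data["expires_on"])


def get_token(resource=SQL_RESOURCE, client_id=None):
    """Request a token from the platform endpoint (only works when running in Azure)."""
    endpoint = os.environ["IDENTITY_ENDPOINT"]
    header = os.environ["IDENTITY_HEADER"]
    url, headers = build_token_request(resource, endpoint, header, client_id)
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read().decode("utf-8"))


def pack_access_token(token):
    """Encode a token the way the SQL Server ODBC driver expects:
    a 4-byte little-endian byte length followed by the token in UTF-16-LE."""
    raw = token.encode("utf-16-le")
    return struct.pack("<I", len(raw)) + raw


def connect_with_managed_identity(server, database, client_id=None):
    """Open a pyodbc connection using only the managed identity (no password)."""
    import pyodbc  # assumed installed alongside the ODBC Driver for SQL Server

    token, _expires_on = get_token(SQL_RESOURCE, client_id)
    conn_str = (
        "Driver={ODBC Driver 17 for SQL Server};"
        f"Server=tcp:{server},1433;Database={database};Encrypt=yes;"
    )
    return pyodbc.connect(
        conn_str, attrs_before={SQL_COPT_SS_ACCESS_TOKEN: pack_access_token(token)}
    )


if __name__ == "__main__":
    # Constructed sample reply, shaped like the identity endpoint's JSON.
    sample = json.dumps({"access_token": "eyJ.example.token", "expires_on": "1700000000",
                         "resource": SQL_RESOURCE, "token_type": "Bearer"})
    token, expires_on = parse_token_response(sample)
    print(len(pack_access_token(token)), expires_on)
    # In Azure: connect_with_managed_identity("myserver.database.windows.net", "mydb")
```

The request to the identity endpoint carries no stored secret, only the platform-injected header, which is the point of the scheme; the returned token is short-lived and should be refreshed before `expires_on` rather than cached indefinitely.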

System Assigned vs User Assigned Managed Identities

User-assigned managed identities have several advantages:

  1. They are decoupled from the resource to which they are assigned.
  2. They can be used with multiple resources.
  3. User assigned managed IDs can be created and managed in advance.
  4. If each resource needs its own identity that is deleted together with the resource, use a System Assigned Managed Identity instead.
