Group multiple managed identities into one group for role-assignment

Sagi Yagen 1 Reputation point
2021-04-26T17:30:11.77+00:00

Hi,
I have a use case that I would like to check whether it's possible to implement in our environment:
We are using a lot of logic apps (playbooks) which need access to a specific storage account in the same resource group.
I want to implement a solution to group all logic apps' managed identities into one system-managed identity that will have the "storage account contributor" role.
The purpose is to add them by some condition, for example if they start with the same name: LogicApp-1, LogicApp-2 (starts with "LogicApp"), and maybe to allow it to be dynamic so that every time a new Logic App is created with this convention it will automatically be part of this group that has access to the storage account.
They all have access to the storage account as long as the storage account is open to all networks, which we want to be open only to Microsoft services.

Any suggestions where to start?

Thanks,
Sagi.

Tags: Azure Storage Accounts, Azure Logic Apps, Azure Role-based access control, Microsoft Entra ID

1 answer

Sort by: Most helpful
Pramod Valavala 20,516 Reputation points Microsoft Employee
2021-04-27T07:43:23.92+00:00

@Sagi Yagen While you can't group them as a single system-managed identity, you can add them into an Azure AD group, which you could use for role assignment.

The steps would be the same as if you were handling users. Here is what you need to do at a high level:

1. Create Azure AD Group
2. Add Managed Identities to created group
3. Assign required role to group
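The three steps from the answer, carried out with the Azure CLI as an added example (this is not code from the question, the answer, or Microsoft; it assumes the constructed resource group, storage account, prefix and group names set at the top, which you replace with your own). It also covers the naming-convention part of the question: Entra ID dynamic membership rules apply to users and devices, not to service principals, so the script instead scans the resource group for Logic Apps whose names start with the prefix and adds any system-assigned identity it finds to the group. Re-running it (for example on a schedule or from a deployment pipeline) picks up newly created Logic Apps; the role is assigned once, to the group, at storage-account scope.

```shell
#!/bin/sh
# Added example, not from the original post. Groups the system-assigned
# managed identities of Logic Apps that share a name prefix into one Entra ID
# security group and assigns "Storage Account Contributor" to that group.
# All values below are constructed placeholders; override them via the
# environment or edit them before running with RUN_AZ=1.
set -eu

RESOURCE_GROUP="${RESOURCE_GROUP:-rg-playbooks}"            # assumed
STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-stplaybooks001}"        # assumed
NAME_PREFIX="${NAME_PREFIX:-LogicApp}"                       # from the question
GROUP_NAME="${GROUP_NAME:-sg-logicapp-storage-contributors}" # assumed
ROLE_NAME="Storage Account Contributor"

# Keep only names that begin with the prefix (the naming convention from the
# question). Reads names on stdin, one per line; literal match, not a regex.
filter_by_prefix() {
  awk -v p="$1" 'index($0, p) == 1'
}

# JMESPath query handed to `az resource list --query`: principal IDs of
# Logic Apps whose names start with the prefix.
principal_query() {
  printf "[?starts_with(name, '%s')].identity.principalId" "$1"
}

main() {
  # 1. Create the Entra ID security group, reusing it if it already exists.
  group_id=$(az ad group show --group "$GROUP_NAME" --query id -o tsv 2>/dev/null || true)
  if [ -z "$group_id" ]; then
    group_id=$(az ad group create --display-name "$GROUP_NAME" \
      --mail-nickname "$GROUP_NAME" --query id -o tsv)
  fi

  # 2. Add every matching Logic App identity to the group. Apps without a
  #    system-assigned identity yield an empty principalId and are skipped.
  az resource list --resource-group "$RESOURCE_GROUP" \
    --resource-type Microsoft.Logic/workflows \
    --query "$(principal_query "$NAME_PREFIX")" -o tsv |
  while read -r principal_id; do
    [ -n "$principal_id" ] || continue
    if ! az ad group member check --group "$group_id" \
        --member-id "$principal_id" --query value -o tsv | grep -q true; then
      az ad group member add --group "$group_id" --member-id "$principal_id"
    fi
  done

  # 3. One role assignment, to the group, scoped to the storage account only.
  scope=$(az storage account show --name "$STORAGE_ACCOUNT" \
    --resource-group "$RESOURCE_GROUP" --query id -o tsv)
  az role assignment create --assignee-object-id "$group_id" \
    --assignee-principal-type Group --role "$ROLE_NAME" --scope "$scope"
}

# Only talk to Azure when explicitly asked, so the helpers can be tested offline.
if [ "${RUN_AZ:-0}" = "1" ]; then
  main
fi
```

Scoping the assignment to the storage account (rather than the resource group) and assigning it to the group once keeps the permission set reviewable: adding or removing a Logic App changes group membership, not role assignments. The network restriction the question mentions is a separate control; group membership only governs authorization, so the storage firewall still has to permit the Logic Apps' traffic.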