az identity federated-credential

Manage federated identity credentials under user assigned identities.

Commands

| Name | Description | Type | Status |
|------|-------------|------|--------|
| az identity federated-credential create | Create a federated identity credential under an existing user assigned identity. | Core | GA |
| az identity federated-credential delete | Delete a federated identity credential under an existing user assigned identity. | Core | GA |
| az identity federated-credential list | List all federated identity credentials under an existing user assigned identity. | Core | GA |
| az identity federated-credential show | Show a federated identity credential under an existing user assigned identity. | Core | GA |
| az identity federated-credential update | Update a federated identity credential under an existing user assigned identity. | Core | GA |

az identity federated-credential create

Create a federated identity credential under an existing user assigned identity.

az identity federated-credential create --identity-name
                                        --name
                                        --resource-group
                                        [--audiences]
                                        [--issuer]
                                        [--subject]

Examples

Create a federated identity credential under a specific user assigned identity.

az identity federated-credential create --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences

Required Parameters

--identity-name

The name of the identity resource.

--name -n

The name of the federated identity credential resource.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--audiences

The aud value in the token sent to Azure for getting the user-assigned managed identity token. The value configured in the federated credential and the one in the incoming token must exactly match for Azure to issue the access token.

--issuer

The OpenID Connect metadata URL of the issuer of the identity provider that Azure AD would use in the token exchange protocol for validating tokens before issuing a token as the user-assigned managed identity.

--subject

The sub value in the token sent to Azure AD for getting the user-assigned managed identity token. The value configured in the federated credential and the one in the incoming token must exactly match for Azure AD to issue the access token.
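
The exact-match rule for --audiences and --subject is a common reason a token exchange is refused. The following added example (not part of the Azure CLI or its documentation) decodes a token's claims and reports which of iss, sub and aud differ from the configured values and why. The helper names and sample values are constructed, and comparing the issuer the same way is an assumption.

```python
import base64
import json


def make_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it; for diagnostics only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _why(configured, presented):
    """Name the most likely cause of a near-miss between two strings."""
    if configured.strip() == presented.strip():
        return "whitespace"
    if configured.rstrip("/") == presented.rstrip("/"):
        return "trailing slash"
    if configured.lower() == presented.lower():
        return "letter case"
    return "different value"


def mismatches(fic, claims):
    """Map each claim that fails the exact-match rule to a reason; {} means all match."""
    found = {}
    for field, claim in (("issuer", "iss"), ("subject", "sub")):
        want, got = fic.get(field) or "", claims.get(claim) or ""
        if want != got:
            found[claim] = _why(want, got)
    aud = claims.get("aud") or []
    presented = [aud] if isinstance(aud, str) else list(aud)
    allowed = fic.get("audiences") or []
    # Assumption: a multi-valued aud passes if any entry equals a configured audience.
    if not any(a in allowed for a in presented):
        found["aud"] = _why(allowed[0], presented[0]) if allowed and presented else "missing"
    return found


# Constructed sample: values as they would be passed to --issuer, --subject, --audiences.
FIC = {"issuer": "https://idp.example.com/", "subject": "system:serviceaccount:prod:api",
       "audiences": ["api://AzureADTokenExchange"]}
TOKEN = make_token({"iss": "https://idp.example.com", "aud": "api://AzureADTokenExchange",
                    "sub": "system:serviceaccount:Prod:api"})
```

The token is decoded without signature verification, so the result is a configuration diagnostic only and says nothing about whether the token is genuine.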

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az identity federated-credential delete

Delete a federated identity credential under an existing user assigned identity.

az identity federated-credential delete --identity-name
                                        --name
                                        --resource-group
                                        [--yes]

Examples

Delete a federated identity credential under a specific user assigned identity.

az identity federated-credential delete --name myFicName --identity-name myIdentityName --resource-group myResourceGroup

Required Parameters

--identity-name

The name of the identity resource.

--name -n

The name of the federated identity credential resource.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az identity federated-credential list

List all federated identity credentials under an existing user assigned identity.

az identity federated-credential list --identity-name
                                      --resource-group

Examples

List all federated identity credentials under an existing user assigned identity.

az identity federated-credential list --identity-name myIdentityName --resource-group myResourceGroup

Required Parameters

--identity-name

The name of the identity resource.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az identity federated-credential show

Show a federated identity credential under an existing user assigned identity.

az identity federated-credential show --identity-name
                                      --name
                                      --resource-group

Examples

Show a federated identity credential under a specific user assigned identity.

az identity federated-credential show --name myFicName --identity-name myIdentityName --resource-group myResourceGroup

Required Parameters

--identity-name

The name of the identity resource.

--name -n

The name of the federated identity credential resource.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az identity federated-credential update

Update a federated identity credential under an existing user assigned identity.

az identity federated-credential update --identity-name
                                        --name
                                        --resource-group
                                        [--audiences]
                                        [--issuer]
                                        [--subject]

Examples

Update a federated identity credential under a specific user assigned identity.

az identity federated-credential update --name myFicName --identity-name myIdentityName --resource-group myResourceGroup --issuer myIssuer --subject mySubject --audiences myAudiences

Required Parameters

--identity-name

The name of the identity resource.

--name -n

The name of the federated identity credential resource.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--audiences

The aud value in the token sent to Azure for getting the user-assigned managed identity token. The value configured in the federated credential and the one in the incoming token must exactly match for Azure to issue the access token.

--issuer

The OpenID Connect metadata URL of the issuer of the identity provider that Azure AD would use in the token exchange protocol for validating tokens before issuing a token as the user-assigned managed identity.

--subject

The sub value in the token sent to Azure AD for getting the user-assigned managed identity token. The value configured in the federated credential and the one in the incoming token must exactly match for Azure AD to issue the access token.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.