Associate user assigned managed identity to logic app using PowerShell

Jérôme 90 Reputation points
2024-03-23T12:57:44.7566667+00:00

Hello,

I know how to associate a user-assigned managed identity with a logic app in the web interface, but I want to put the creation and the association in a script with PowerShell.

I have tried to look in the result of 'Get-AzLogicApp' for a logic app with a managed identity. But I can't find any trace of the MI in the cmdlet result.

Does anyone know if there is a way to do it with PowerShell?


Accepted answer
  1. Ryan Hill 27,111 Reputation points Microsoft Employee
    2024-03-25T19:28:09.91+00:00

    Hi @Jérôme,

    I don't believe the Az.LogicApp module supports setting a managed identity to the Logic App. If you still want to use PowerShell, then you'll have to go about it in an ARM template fashion as explained in Enable system-assigned identity in an ARM template.

    You should be able to use the Invoke-AzRestMethod command, setting the path, i.e. /subscriptions/{subscription}/resourceGroups/{rg}/providers/Microsoft.Logic/workflows/{logicappname}/ to the logic app and POSTing the parameters of the identity as a body. I couldn't find a specific example of this, but another option you could try is using New-AzResource to make the update. Same principle, you're manually updating the actual resource properties. It would look something like:

    # Placeholders are quoted so the script parses; replace them with your own values.
    $identityId = (Get-AzUserAssignedIdentity -ResourceGroupName "<ResourceGroupName>" -Name "<IdentityName>").Id
    # Get-AzLogicApp returns the workflow's resource ID in the Id property.
    $logicAppResourceId = (Get-AzLogicApp -ResourceGroupName "<ResourceGroupName>" -Name "<LogicAppName>").Id
    $identityType = "UserAssigned"
    # Identity block keyed by the resource ID of the user-assigned identity.
    $identity = @{
        type = $identityType
        userAssignedIdentities = @{
            $identityId = @{
                clientId = "<ClientIdOfTheIdentity>"
                principalId = "<PrincipalIdOfTheIdentity>"
            }
        }
    }

    New-AzResource -ResourceId $logicAppResourceId -Properties $identity -Force
    
    1 person found this answer helpful.
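
The Invoke-AzRestMethod route mentioned in the answer above, as an added example that is not part of the thread or taken from Microsoft's documentation: it reads the workflow, sets the top-level `identity` block in the ARM template shape (an empty object per user-assigned identity), writes the workflow back with PUT, then reads it again to confirm the identity is attached. The resource names are placeholders and the API version `2019-05-01` is an assumption.

```powershell
# Placeholders: replace with your own values (constructed, not from the thread).
$resourceGroupName = "<ResourceGroupName>"
$logicAppName      = "<LogicAppName>"
$identityName      = "<IdentityName>"
$apiVersion        = "2019-05-01"   # assumed API version for Microsoft.Logic/workflows

$subscriptionId = (Get-AzContext).Subscription.Id
$identityId = (Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $identityName).Id
$path = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName" +
        "/providers/Microsoft.Logic/workflows/${logicAppName}?api-version=$apiVersion"

# 1. Read the current workflow so the PUT preserves its definition and parameters.
$get = Invoke-AzRestMethod -Path $path -Method GET
if ($get.StatusCode -ne 200) { throw "GET failed ($($get.StatusCode)): $($get.Content)" }
$workflow = $get.Content | ConvertFrom-Json

# 2. Set the top-level identity block. Each identity maps to an empty object;
#    clientId and principalId are filled in by Azure, not supplied by the caller.
#    Note: this replaces any identity already configured on the workflow.
$identity = @{
    type                   = "UserAssigned"
    userAssignedIdentities = @{ $identityId = @{} }
}
$workflow | Add-Member -NotePropertyName identity -NotePropertyValue $identity -Force

# 3. Write the workflow back. ConvertTo-Json defaults to depth 2, which would
#    truncate nested actions, so raise it to the maximum of 100.
$body = $workflow | ConvertTo-Json -Depth 100
$put = Invoke-AzRestMethod -Path $path -Method PUT -Payload $body
if ($put.StatusCode -notin 200, 201) { throw "PUT failed ($($put.StatusCode)): $($put.Content)" }

# 4. Verify: list each attached identity with the principalId Azure assigned to it.
$check = (Invoke-AzRestMethod -Path $path -Method GET).Content | ConvertFrom-Json
$check.identity.userAssignedIdentities.PSObject.Properties | ForEach-Object {
    [pscustomobject]@{ IdentityId = $_.Name; PrincipalId = $_.Value.principalId }
}
```

Attaching the identity grants the logic app nothing by itself; what it can reach is decided by the role assignments on that identity, so keep those scoped to the resources the workflow actually calls.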

1 additional answer

  1. Sedat SALMAN 13,345 Reputation points
    2024-03-23T14:24:24.9+00:00
    $subscriptionId = "<Your Subscription ID>"
    $resourceGroupName = "<Logic App Resource Group>"
    $logicAppName = "<Logic App Name>" 
    $userAssignedIdentityName = "<Managed Identity Name>"  
    
    # Get Resource IDs
    $userAssignedIdentityResourceId =  "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$userAssignedIdentityName"
    $logicAppResourceId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Logic/workflows/$logicAppName"
    
    
    
    # Assign the user-assigned identity to the Logic App
    Set-AzLogicApp -ResourceId $logicAppResourceId -IdentityType UserAssigned -Identity $userAssignedIdentityResourceId
    
    

    Is this what you are looking for? If not, please can you clarify what you need?