Associate user assigned managed identity to logic app using PowerShell

Jérôme 90 Reputation points


I know how to associate a user-assigned managed identity with a logic app in the web interface, but I want to put the creation and the association in a script with PowerShell.

I have tried to look in the result of 'Get-AzLogicApp' for a logic app with a managed identity, but I can't find any trace of the MI in the cmdlet result.

Does anyone know if there is a way to do it with PowerShell?


Accepted answer
  1. Ryan Hill 25,476 Reputation points Microsoft Employee

    Hi @Jérôme,

    I don't believe the Az.LogicApp module supports setting a managed identity on the Logic App. If you still want to use PowerShell, then you'll have to go about it in an ARM template fashion, as explained in Enable system-assigned identity in an ARM template.

    You should be able to use the Invoke-AzRestMethod command, setting the path, i.e. /subscriptions/{subscription}/resourceGroups/{rg}/providers/Microsoft.Logic/workflows/{logicappname}/, to the logic app and POSTing the parameters of the identity as a body. I couldn't find a specific example of this, but another option you could try is using New-AzResource to make the update. Same principle, you're manually updating the actual resource properties. It would look something like:

    # Resource ID of the user-assigned managed identity
    $identityId = (Get-AzUserAssignedIdentity -ResourceGroupName "<ResourceGroupName>" -Name "<IdentityName>").Id
    # Resource ID of the logic app
    $logicAppResourceId = (Get-AzLogicApp -ResourceGroupName "<ResourceGroupName>" -Name "<LogicAppName>").ResourceId
    $identityType = "UserAssigned"
    # Identity block keyed by the identity's resource ID
    $identity = @{
        type = $identityType
        userAssignedIdentities = @{
            $identityId = @{
                clientId = "<ClientIdOfTheIdentity>"
                principalId = "<PrincipalIdOfTheIdentity>"
            }
        }
    }
    New-AzResource -ResourceId $logicAppResourceId -Properties $identity -Force
    1 person found this answer helpful.
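
The Invoke-AzRestMethod route mentioned in the answer above, written out as an added example that is not part of the original thread or any poster's code. It assumes a Consumption logic app (Microsoft.Logic/workflows), API version 2019-05-01, and a GET followed by a PUT of the whole resource rather than the POST the answer mentions; the angle-bracket values are placeholders.

```powershell
# Added example. Placeholder values below are constructed; replace them with your own.
$resourceGroupName = '<ResourceGroupName>'
$logicAppName      = '<LogicAppName>'
$identityName      = '<IdentityName>'
$apiVersion        = '2019-05-01'   # assumption: API version used for Microsoft.Logic/workflows

# Resource ID of the user-assigned identity and ARM path of the logic app
$identityId     = (Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroupName -Name $identityName).Id
$subscriptionId = (Get-AzContext).Subscription.Id
$path = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName" +
        "/providers/Microsoft.Logic/workflows/${logicAppName}?api-version=$apiVersion"

# Read the current workflow first: the PUT below writes the whole resource,
# so the existing definition and parameters have to be sent back with it.
$get = Invoke-AzRestMethod -Path $path -Method GET
if ($get.StatusCode -ne 200) {
    throw "GET failed ($($get.StatusCode)): $($get.Content)"
}
$workflow = $get.Content | ConvertFrom-Json

# 'identity' is a top-level field next to 'properties', not inside it.
# The map key is the identity's resource ID; the value is an empty object
# because clientId and principalId are filled in by Azure.
# This replaces any identity block already present on the workflow.
$identityBlock = [pscustomobject]@{
    type                   = 'UserAssigned'
    userAssignedIdentities = @{ $identityId = @{} }
}
$workflow | Add-Member -NotePropertyName identity -NotePropertyValue $identityBlock -Force

# -Depth is required, otherwise the nested workflow definition is truncated
$body = $workflow | ConvertTo-Json -Depth 100
$put  = Invoke-AzRestMethod -Path $path -Method PUT -Payload $body
if ($put.StatusCode -notin 200, 201) {
    throw "PUT failed ($($put.StatusCode)): $($put.Content)"
}

# Verify: read the workflow back and list the identities now attached to it
$after    = (Invoke-AzRestMethod -Path $path -Method GET).Content | ConvertFrom-Json
$attached = @($after.identity.userAssignedIdentities.PSObject.Properties.Name)
if ($attached -notcontains $identityId) {
    throw "Identity not found on the logic app after update."
}
"Identity type: $($after.identity.type)"
$attached
```

Try it on a test logic app first and compare the definition and parameters before and after, since the PUT writes back whatever the GET returned. Associating the identity grants it no access by itself; role assignments on the resources the logic app calls are a separate step.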

1 additional answer

  1. Sedat SALMAN 13,070 Reputation points

    $subscriptionId = "<Your Subscription ID>"
    $resourceGroupName = "<Logic App Resource Group>"
    $logicAppName = "<Logic App Name>"
    $userAssignedIdentityName = "<Managed Identity Name>"
    # Get Resource IDs
    $userAssignedIdentityResourceId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$userAssignedIdentityName"
    $logicAppResourceId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Logic/workflows/$logicAppName"
    # Assign the user-assigned identity to the Logic App
    Set-AzLogicApp -ResourceId $logicAppResourceId -IdentityType UserAssigned -Identity $userAssignedIdentityResourceId

    Is this what you are looking for, or can you please clarify what you need?