Limit User managed identity to be used within a Subscription

Gaurav Verma 1 Reputation point
2020-01-31T01:33:32.197+00:00

We have multiple teams within our organisation. Each team has its own Azure subscription under the same AAD tenancy.

Our requirement is to:

  1. Create a user managed identity with permissions assigned.
  2. Limit the usage of the user managed identity so that it is allowed only in a specific subscription.

The above are one-off activities done by the infra team, who have write access to AAD.

Once the user managed identity is created, we want to assign it to the worker nodes spun up by Jenkins to perform automation tasks. This will be done by application teams who don't have write access to AAD.

We do not want to use a system identity, as it is created every time and application teams don't have rights to assign permissions to the identity.


1 answer

Somnath Shukla 406 Reputation points
2020-02-07T11:20:05.527+00:00

I think you can use root management groups, and you can assign identities to a particular subscription.
https://learn.microsoft.com/en-us/azure/governance/management-groups/overview
