Create an Azure SQL Managed Instance with a user-assigned managed identity
Applies to: Azure SQL Managed Instance
If you are looking for a guide on Azure SQL Database, see Create an Azure SQL logical server using a user-assigned managed identity.
This how-to guide outlines the steps to create an Azure SQL Managed Instance with a user-assigned managed identity. For more information on the benefits of using a user-assigned managed identity for the server identity in Azure SQL Database, see User-assigned managed identity in Azure AD for Azure SQL.
- To provision a Managed Instance with a user-assigned managed identity, you need the SQL Managed Instance Contributor role (or a role with greater permissions), along with an Azure RBAC role containing the following action:
  - Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action - For example, the Managed Identity Operator role has this action.
- Create a user-assigned managed identity and assign it the necessary permission to be a server or managed instance identity. For more information, see Manage user-assigned managed identities and user-assigned managed identity permissions for Azure SQL.
- Az.Sql module 3.4 or higher is required when using PowerShell for user-assigned managed identities.
- The Azure CLI 2.26.0 or higher is required to use the Azure CLI with user-assigned managed identities.
- For a list of limitations and known issues with using user-assigned managed identity, see User-assigned managed identity in Azure AD for Azure SQL.
Browse to the Select SQL deployment option page in the Azure portal.
If you aren't already signed in to the Azure portal, sign in when prompted.
Under SQL managed instances, leave Resource type set to Single instance, and select Create.
Fill out the mandatory information required on the Basics tab for Project details and Managed Instance details. This is the minimum set of information required to provision a SQL Managed Instance.
For more information on the configuration options, see Quickstart: Create an Azure SQL Managed Instance.
Next, go through the Networking tab configuration, or leave the default settings.
On the Security tab, under Identity, select Configure Identities.
On the Identity blade, under User assigned managed identity, select Add. Select the desired Subscription and then under User assigned managed identities select the desired user assigned managed identity from the selected subscription. Then select the Select button.
Under Primary identity, select the same user-assigned managed identity selected in the previous step.
If the system-assigned managed identity is the primary identity, the Primary identity field must be empty.
You can leave the rest of the settings default. For more information on other tabs and settings, follow the guide in the article Quickstart: Create an Azure SQL Managed Instance.
Once you are done configuring your settings, select Review + create to proceed. Select Create to start provisioning the managed instance.
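For a scripted deployment with the Azure CLI, the prerequisite and identity choices above can be checked before anything is submitted. The following is an added example, not code from the original article or from Microsoft: the function names are hypothetical, the resource IDs used with it are constructed placeholders, and it only builds and validates the identity arguments for `az sql mi create` (the remaining required arguments are omitted).

```shell
#!/bin/sh
# Added example, not Microsoft's code. Function names are hypothetical.
MIN_CLI_VERSION="2.26.0"   # minimum Azure CLI version stated in the prerequisites

# version_ge A B: succeeds when dotted version A >= B (three numeric fields).
version_ge() {
  a=$1 b=$2
  for i in 1 2 3; do
    x=${a%%.*} y=${b%%.*}
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
    case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
    case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
  done
  return 0
}

# is_uami_id ID: succeeds when a lower-cased ID has the shape of a
# user-assigned managed identity resource ID (resource IDs are case-insensitive).
is_uami_id() {
  case $1 in
    */userassignedidentities/*/*) return 1 ;;   # trailing path segments
    /subscriptions/?*/resourcegroups/?*/providers/microsoft.managedidentity/userassignedidentities/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# identity_args ASSIGNED_ID PRIMARY_ID: prints the identity flags for
# `az sql mi create`, one per line, or fails with a reason on stderr.
identity_args() {
  assigned=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  primary=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  is_uami_id "$assigned" || { echo "not a user-assigned identity ID: $1" >&2; return 2; }
  # Mirrors the portal step: the primary identity is the identity that was added.
  [ "$assigned" = "$primary" ] || { echo "primary identity differs from the assigned one" >&2; return 3; }
  printf '%s\n' --assign-identity --identity-type UserAssigned \
    --user-assigned-identity-id "$1" --primary-user-assigned-identity-id "$2"
}

# Usage (needs a signed-in Azure CLI):
#   version_ge "$(az version --query '"azure-cli"' -o tsv)" "$MIN_CLI_VERSION" || exit 1
#   az sql mi create -g <rg> -n <name> ... $(identity_args "$ID" "$ID")
```

A non-zero return from `identity_args` means the script should stop before calling `az`, so a mistyped or mismatched primary identity is caught locally rather than partway through provisioning.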