
Microsoft.ManagedIdentity userAssignedIdentities/federatedIdentityCredentials

Bicep resource definition

The userAssignedIdentities/federatedIdentityCredentials resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials@2025-01-31-preview' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    audiences: [
      'string'
    ]
    claimsMatchingExpression: {
      languageVersion: int
      value: 'string'
    }
    issuer: 'string'
    subject: 'string'
  }
}

Property Values

Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string. Constraints: Pattern = `^[a-zA-Z0-9]{1}[a-zA-Z0-9-_]{2,119}$` (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: userAssignedIdentities |
| properties | The properties associated with the federated identity credential. | FederatedIdentityCredentialProperties |

FederatedIdentityCredentialProperties

| Name | Description | Value |
| --- | --- | --- |
| audiences | The list of audiences that can appear in the issued token. | string[] (required) |
| claimsMatchingExpression | Object for defining the allowed identifiers of external identities. Either 'subject' or 'claimsMatchingExpression' must be defined, but not both. | FederatedIdentityCredentialPropertiesClaimsMatchingExpression |
| issuer | The URL of the issuer to be trusted. | string (required) |
| subject | The identifier of the external identity. Either 'subject' or 'claimsMatchingExpression' must be defined, but not both. | string |

FederatedIdentityCredentialPropertiesClaimsMatchingExpression

| Name | Description | Value |
| --- | --- | --- |
| languageVersion | Specifies the version of the flexible FIC (federated identity credential) language used in the expression. | int (required) |
| value | Wildcard-based expression for matching incoming subject claims. | string (required) |

Usage Examples

Bicep Samples

A basic example of deploying Federated Identity Credential.

param resourceName string = 'acctest0001'
param location string = 'westeurope'

resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: resourceName
  location: location
}

resource federatedIdentityCredential 'Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials@2022-01-31-preview' = {
  parent: userAssignedIdentity
  name: resourceName
  location: location
  properties: {
    audiences: [
      'foo'
    ]
    issuer: 'https://foo'
    subject: 'foo'
  }
}

ARM template resource definition

The userAssignedIdentities/federatedIdentityCredentials resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials resource, add the following JSON to your template.

{
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials",
  "apiVersion": "2025-01-31-preview",
  "name": "string",
  "properties": {
    "audiences": [ "string" ],
    "claimsMatchingExpression": {
      "languageVersion": "int",
      "value": "string"
    },
    "issuer": "string",
    "subject": "string"
  }
}

Property Values

Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials

| Name | Description | Value |
| --- | --- | --- |
| apiVersion | The API version | '2025-01-31-preview' |
| name | The resource name | string. Constraints: Pattern = `^[a-zA-Z0-9]{1}[a-zA-Z0-9-_]{2,119}$` (required) |
| properties | The properties associated with the federated identity credential. | FederatedIdentityCredentialProperties |
| type | The resource type | 'Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials' |

FederatedIdentityCredentialProperties

| Name | Description | Value |
| --- | --- | --- |
| audiences | The list of audiences that can appear in the issued token. | string[] (required) |
| claimsMatchingExpression | Object for defining the allowed identifiers of external identities. Either 'subject' or 'claimsMatchingExpression' must be defined, but not both. | FederatedIdentityCredentialPropertiesClaimsMatchingExpression |
| issuer | The URL of the issuer to be trusted. | string (required) |
| subject | The identifier of the external identity. Either 'subject' or 'claimsMatchingExpression' must be defined, but not both. | string |

FederatedIdentityCredentialPropertiesClaimsMatchingExpression

| Name | Description | Value |
| --- | --- | --- |
| languageVersion | Specifies the version of the flexible FIC (federated identity credential) language used in the expression. | int (required) |
| value | Wildcard-based expression for matching incoming subject claims. | string (required) |
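
The constraints in the tables above (name pattern, required audiences and issuer, exactly one of subject or claimsMatchingExpression) can be checked in an ARM template before deployment. The Python linter below is an added example, not part of the original reference or of any Microsoft tooling; the finding codes, the HTTPS-issuer rule, the wildcard review flag and all sample template values are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

FIC_TYPE = "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
NAME_RE = re.compile(r"^[a-zA-Z0-9]{1}[a-zA-Z0-9-_]{2,119}$")  # pattern from the tables above

def lint_fic(resource):
    """Return a list of finding codes (hypothetical names) for one ARM resource dict."""
    findings = []
    name = str(resource.get("name", ""))
    # A child declared at template top level is named "<identity>/<credential>";
    # names built from ARM expressions ("[...]") cannot be checked statically.
    if not name.startswith("[") and not NAME_RE.match(name.rsplit("/", 1)[-1]):
        findings.append("name-pattern")
    props = resource.get("properties") or {}
    auds = props.get("audiences")
    if not (isinstance(auds, list) and auds and all(isinstance(a, str) and a for a in auds)):
        findings.append("audiences-missing")
    issuer = props.get("issuer")
    if not isinstance(issuer, str) or not issuer:
        findings.append("issuer-missing")
    else:
        url = urlparse(issuer)
        if url.scheme != "https" or not url.netloc:  # added policy, not a schema rule
            findings.append("issuer-not-https")
    subject, cme = props.get("subject"), props.get("claimsMatchingExpression")
    if (subject is None) == (cme is None):  # both set, or neither set
        findings.append("subject-xor-expression")
    if cme is not None:
        if not (isinstance(cme, dict) and isinstance(cme.get("languageVersion"), int)
                and isinstance(cme.get("value"), str)):
            findings.append("expression-incomplete")
        elif "*" in cme["value"]:  # wildcard widens the trusted subjects: flag for review
            findings.append("review-wildcard")
    return findings

def lint_template(template):
    """Map each federated identity credential in an ARM template to its findings."""
    return {r.get("name"): lint_fic(r)
            for r in template.get("resources", []) if r.get("type") == FIC_TYPE}

# Constructed sample template; "placeholder-*" is not real expression syntax.
SAMPLE = {"resources": [
    {"type": FIC_TYPE, "apiVersion": "2025-01-31-preview", "name": "id-build/ci-main",
     "properties": {"audiences": ["api://AzureADTokenExchange"],
                    "issuer": "https://issuer.example", "subject": "workload-a"}},
    {"type": FIC_TYPE, "apiVersion": "2025-01-31-preview", "name": "id-build/x",
     "properties": {"audiences": [], "issuer": "http://issuer.example", "subject": "workload-a",
                    "claimsMatchingExpression": {"languageVersion": 1, "value": "placeholder-*"}}},
]}
```

Calling `lint_template(SAMPLE)` returns an empty finding list for the first credential and five findings for the second.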

Terraform (AzAPI provider) resource definition

The userAssignedIdentities/federatedIdentityCredentials resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials@2025-01-31-preview"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      audiences = [
        "string"
      ]
      claimsMatchingExpression = {
        languageVersion = int
        value = "string"
      }
      issuer = "string"
      subject = "string"
    }
  }
}

Property Values

Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string. Constraints: Pattern = `^[a-zA-Z0-9]{1}[a-zA-Z0-9-_]{2,119}$` (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: userAssignedIdentities |
| properties | The properties associated with the federated identity credential. | FederatedIdentityCredentialProperties |
| type | The resource type | "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials@2025-01-31-preview" |

FederatedIdentityCredentialProperties

| Name | Description | Value |
| --- | --- | --- |
| audiences | The list of audiences that can appear in the issued token. | string[] (required) |
| claimsMatchingExpression | Object for defining the allowed identifiers of external identities. Either 'subject' or 'claimsMatchingExpression' must be defined, but not both. | FederatedIdentityCredentialPropertiesClaimsMatchingExpression |
| issuer | The URL of the issuer to be trusted. | string (required) |
| subject | The identifier of the external identity. Either 'subject' or 'claimsMatchingExpression' must be defined, but not both. | string |

FederatedIdentityCredentialPropertiesClaimsMatchingExpression

| Name | Description | Value |
| --- | --- | --- |
| languageVersion | Specifies the version of the flexible FIC (federated identity credential) language used in the expression. | int (required) |
| value | Wildcard-based expression for matching incoming subject claims. | string (required) |

Usage Examples

Terraform Samples

A basic example of deploying Federated Identity Credential.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "location" {
  type    = string
  default = "westeurope"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}

resource "azapi_resource" "userAssignedIdentity" {
  type      = "Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
}

resource "azapi_resource" "federatedIdentityCredential" {
  type      = "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials@2022-01-31-preview"
  parent_id = azapi_resource.userAssignedIdentity.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
      issuer    = "https://foo"
      subject   = "foo"
      audiences = ["foo"]
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}