Share via


az webapp identity

Manage web app's managed identity.

Commands

Name Description Type Status
az webapp identity assign

Assign managed identity to the web app.

Core GA
az webapp identity remove

Disable web app's managed identity.

Core GA
az webapp identity show

Display web app's managed identity.

Core GA

az webapp identity assign

Assign managed identity to the web app.

az webapp identity assign [--identities]
                          [--ids]
                          [--name]
                          [--resource-group]
                          [--role]
                          [--scope]
                          [--slot]
                          [--subscription]

Examples

assign local identity and assign a reader role to the current resource group.

az webapp identity assign -g MyResourceGroup -n MyUniqueApp --role reader --scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/MyResourceGroup

enable identity for the web app.

az webapp identity assign -g MyResourceGroup -n MyUniqueApp

assign local identity and a user assigned identity to a webapp.

az webapp identity assign -g MyResourceGroup -n MyUniqueApp --identities [system] myAssignedId

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--identities

Space-separated identities to assign. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the web app. If left unspecified, a name will be randomly generated. You can configure the default using az configure --defaults web=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--role

Role name or id the managed identity will be assigned.

Property Value
Default value: Contributor
--scope

The scope the managed identity has access to.

--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az webapp identity remove

Disable web app's managed identity.

az webapp identity remove [--identities]
                          [--ids]
                          [--name]
                          [--resource-group]
                          [--slot]
                          [--subscription]

Examples

Disable web app's system managed identity

az webapp identity remove --name MyWebApp --resource-group MyResourceGroup

Disable web app's system managed identity and a user managed identity

az webapp identity remove --name MyWebApp --resource-group MyResourceGroup --identities [system] myAssignedId

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--identities

Space-separated identities to assign. Use '[system]' to refer to the system assigned identity. Default: '[system]'.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the web app. If left unspecified, a name will be randomly generated. You can configure the default using az configure --defaults web=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False

az webapp identity show

Display web app's managed identity.

az webapp identity show [--ids]
                        [--name]
                        [--resource-group]
                        [--slot]
                        [--subscription]

Examples

display webapp's managed identity (autogenerated)

az webapp identity show --name MyWebapp --resource-group MyResourceGroup

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property Value
Parameter group: Resource Id Arguments
--name -n

Name of the web app. If left unspecified, a name will be randomly generated. You can configure the default using az configure --defaults web=<name>.

Property Value
Parameter group: Resource Id Arguments
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property Value
Parameter group: Resource Id Arguments
--slot -s

The name of the slot. Default to the productions slot if not specified.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property Value
Parameter group: Resource Id Arguments
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False