Sign into Azure with a managed identity using the Azure CLI
On resources configured for managed identities for Azure resources, you can sign in using the managed identity. Here are some of the benefits of using managed identities:
- You don't need to manage credentials. Credentials aren’t even accessible to you.
- You can use managed identities to authenticate to any resource that supports Microsoft Entra authentication, including your own applications.
- Managed identities can be used at no extra cost.
Signing in with the resource's identity is done through the --identity
flag.
To sign in with a system-assigned managed identity:
az login --identity
To sign in with a user-assigned managed identity, you must specify the client ID, object ID or resource ID of the user-assigned managed identity with --username
:
az login --identity --username <client_id|object_id|resource_id>
To learn more about managed identities for Azure resources, see What are managed identities for Azure resources?.
Here are three articles showing the use of the az login --identity
command:
- How to use managed identities for Azure resources on an Azure VM for sign-in.
- Use an Azure managed identity to authenticate to an Azure container registry
- How to use managed identities with Azure container instances
Here are popular articles for specific Azure services that show how to work with managed identities using Azure CLI commands:
- Use a managed identity in Azure Kubernetes Service (AKS)
- How to use Azure managed identities for Azure Service and Azure functions
- Create an Azure SQL Managed Instance with a user-assigned managed identity
- How to use Managed Identity with Azure Communication Services
- Configure managed identities with Microsoft Entra ID for your Azure Cosmos DB account
See also
- A to Z list of Azure CLI reference commands that manage Azure identities.