When to use System Assigned Managed Identity and User Assigned Managed Identity

Venkatesh Maddukuri
Mar 28, 2024

It's all about SAMI vs UAMI

As we know, there are two types of Managed Identities in Azure: System Assigned and User Assigned.

A Managed Identity is automatically managed in Azure Active Directory (Azure AD). This means we can use a managed identity with any Azure service that supports Azure AD authentication.

The advantage of a managed identity is that we don't need to store any credentials or secrets in our Key Vault or in any configuration files.

1. System Assigned Managed Identity (SAMI):

A SAMI is created and managed by Azure itself; we don't need to create it. We just need to set Status to "On" under Managed Identities.

Note: Managed Identity is not available for all services in Azure. It is available mainly for PaaS services.

When we enable Managed Identity, Azure internally creates a service principal with the same name as the resource.

E.g.: When I search the Azure portal for my resource name, test-adf010101, a service principal shows up along with the ADF. This confirms that Azure internally creates a service principal after System Assigned Managed Identity is enabled. This service principal is deleted whenever we delete the associated resource, i.e. the ADF (test-adf010101) in this case.

2. User Assigned Managed Identity (UAMI):

Unlike a SAMI, a UAMI is not created by default. As the name "user assigned" says, we need to create this managed identity ourselves by navigating to the Managed Identities service.

We create a UAMI in the same way we create other resources such as ADF, Blob, Key Vault, etc.

Once we create a UAMI, Azure internally creates a service principal for it as well.

The advantage of a UAMI over a SAMI is that one UAMI can be used by multiple resources for authentication, whereas a SAMI is tightly coupled to its original resource (in our case, the ADF).
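
The lifecycle difference above can be checked from a resource inventory. The following is an added example, not code from the original article: a short Python audit over a constructed sample shaped like the `identity` block of ARM resource JSON, listing which service principals go away with their resource (SAMI) and which UAMIs are attached to several resources. Every name and ID other than test-adf010101 is a placeholder.

```python
from collections import defaultdict

# Constructed sample shaped like the "identity" block of ARM resource JSON.
# Every name and ID except test-adf010101 is a made-up placeholder.
UAMI_ID = ("/subscriptions/<sub-id>/resourceGroups/rg-demo/providers/"
           "Microsoft.ManagedIdentity/userAssignedIdentities/uami-shared")
SAMPLE_RESOURCES = [
    {"name": "test-adf010101",
     "identity": {"type": "SystemAssigned", "principalId": "sp-adf-0001"}},
    {"name": "example-func01",
     "identity": {"type": "SystemAssigned, UserAssigned",
                  "principalId": "sp-func-0002",
                  "userAssignedIdentities": {
                      UAMI_ID: {"principalId": "sp-uami-0003"}}}},
    {"name": "example-web01",
     "identity": {"type": "UserAssigned",
                  "userAssignedIdentities": {
                      UAMI_ID: {"principalId": "sp-uami-0003"}}}},
    {"name": "example-storage01", "identity": None},
]


def identity_types(resource):
    """Return the identity kinds on a resource, e.g. {'SystemAssigned'}."""
    ident = resource.get("identity") or {}
    kinds = {k.strip() for k in ident.get("type", "None").split(",")}
    return kinds - {"None"}


def summarize(resources):
    """Split identities by lifecycle: SAMI per resource, UAMI shared."""
    sami = {}                 # resource -> principal deleted with that resource
    uami = defaultdict(list)  # UAMI resource ID -> resources attached to it
    for res in resources:
        ident = res.get("identity") or {}
        kinds = identity_types(res)
        if "SystemAssigned" in kinds:
            sami[res["name"]] = ident["principalId"]
        if "UserAssigned" in kinds:
            for uami_id in ident.get("userAssignedIdentities", {}):
                uami[uami_id].append(res["name"])
    return sami, dict(uami)


def shared_uamis(resources):
    """UAMIs on 2+ resources: a role granted to one reaches all of them."""
    return {k: v for k, v in summarize(resources)[1].items() if len(v) > 1}


if __name__ == "__main__":
    sami, _ = summarize(SAMPLE_RESOURCES)
    print("system-assigned:", sami)
    print("shared user-assigned:", shared_uamis(SAMPLE_RESOURCES))
```

Any role assigned to a UAMI reported by `shared_uamis` is usable by every resource in its list, so those are the identities to review first for least privilege.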

In summary, the advantage of a SAMI or UAMI is that we can securely connect to other Azure services without exposing any secrets.

Hope you enjoyed this article. Thank you for reading.
