Federated Identity Credentials - Create Or Update

Create or update a federated identity credential under the specified user assigned identity.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}/federatedIdentityCredentials/{federatedIdentityCredentialResourceName}?api-version=2023-01-31

URI Parameters

Name In Required Type Description
federatedIdentityCredentialResourceName
path True

string

The name of the federated identity credential resource.

Regex pattern: ^[a-zA-Z0-9]{1}[a-zA-Z0-9-_]{2,119}$

resourceGroupName
path True

string

The name of the Resource Group to which the identity belongs.

resourceName
path True

string

The name of the identity resource.

subscriptionId
path True

string

The Id of the Subscription to which the identity belongs.

api-version
query True

string

Version of API to invoke.

Request Body

Name Required Type Description
properties.audiences True

string[]

The list of audiences that can appear in the issued token.

properties.issuer True

string

The URL of the issuer to be trusted.

properties.subject True

string

The identifier of the external identity.

Responses

Name Type Description
200 OK

FederatedIdentityCredential

Updated federated identity credential.

201 Created

FederatedIdentityCredential

Created federated identity credential.

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

FederatedIdentityCredentialCreate

Sample request

PUT https://management.azure.com/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourceGroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName/federatedIdentityCredentials/ficResourceName?api-version=2023-01-31

{
  "properties": {
    "issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
    "subject": "system:serviceaccount:ns:svcaccount",
    "audiences": [
      "api://AzureADTokenExchange"
    ]
  }
}

Sample response

{
  "id": "/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName",
  "name": "ficResourceName",
  "properties": {
    "issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
    "subject": "system:serviceaccount:ns:svcaccount",
    "audiences": [
      "api://AzureADTokenExchange"
    ]
  },
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
}
{
  "id": "/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName",
  "name": "ficResourceName",
  "properties": {
    "issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
    "subject": "system:serviceaccount:ns:svcaccount",
    "audiences": [
      "api://AzureADTokenExchange"
    ]
  },
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
}

Definitions

Name Description
CloudError

An error response from the ManagedServiceIdentity service.

CloudErrorBody

An error response from the ManagedServiceIdentity service.

createdByType

The type of identity that created the resource.

FederatedIdentityCredential

Describes a federated identity credential.

systemData

Metadata pertaining to creation and last modification of the resource.

CloudError

An error response from the ManagedServiceIdentity service.

Name Type Description
error

CloudErrorBody

A list of additional details about the error.

CloudErrorBody

An error response from the ManagedServiceIdentity service.

Name Type Description
code

string

An identifier for the error.

details

CloudErrorBody[]

A list of additional details about the error.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

FederatedIdentityCredential

Describes a federated identity credential.

Name Type Description
id

string

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"

name

string

The name of the resource

properties.audiences

string[]

The list of audiences that can appear in the issued token.

properties.issuer

string

The URL of the issuer to be trusted.

properties.subject

string

The identifier of the external identity.

systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The timestamp of resource last modification (UTC)

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.