Federated Identity Credentials - Create Or Update
Create or update a federated identity credential under the specified user assigned identity.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}/federatedIdentityCredentials/{federatedIdentityCredentialResourceName}?api-version=2023-01-31
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
federated
|
path | True |
string |
The name of the federated identity credential resource. Regex pattern: |
resource
|
path | True |
string |
The name of the Resource Group to which the identity belongs. |
resource
|
path | True |
string |
The name of the identity resource. |
subscription
|
path | True |
string |
The Id of the Subscription to which the identity belongs. |
api-version
|
query | True |
string |
Version of API to invoke. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
properties.audiences | True |
string[] |
The list of audiences that can appear in the issued token. |
properties.issuer | True |
string |
The URL of the issuer to be trusted. |
properties.subject | True |
string |
The identifier of the external identity. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Updated federated identity credential. |
|
201 Created |
Created federated identity credential. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
FederatedIdentityCredentialCreate
Sample request
PUT https://management.azure.com/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourceGroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName/federatedIdentityCredentials/ficResourceName?api-version=2023-01-31
{
"properties": {
"issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
"subject": "system:serviceaccount:ns:svcaccount",
"audiences": [
"api://AzureADTokenExchange"
]
}
}
Sample response
{
"id": "/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName",
"name": "ficResourceName",
"properties": {
"issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
"subject": "system:serviceaccount:ns:svcaccount",
"audiences": [
"api://AzureADTokenExchange"
]
},
"type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
}
{
"id": "/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName",
"name": "ficResourceName",
"properties": {
"issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
"subject": "system:serviceaccount:ns:svcaccount",
"audiences": [
"api://AzureADTokenExchange"
]
},
"type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
}
Definitions
Name | Description |
---|---|
Cloud |
An error response from the ManagedServiceIdentity service. |
Cloud |
An error response from the ManagedServiceIdentity service. |
created |
The type of identity that created the resource. |
Federated |
Describes a federated identity credential. |
system |
Metadata pertaining to creation and last modification of the resource. |
CloudError
An error response from the ManagedServiceIdentity service.
Name | Type | Description |
---|---|---|
error |
A list of additional details about the error. |
CloudErrorBody
An error response from the ManagedServiceIdentity service.
Name | Type | Description |
---|---|---|
code |
string |
An identifier for the error. |
details |
A list of additional details about the error. |
|
message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
target |
string |
The target of the particular error. For example, the name of the property in error. |
createdByType
The type of identity that created the resource.
Name | Type | Description |
---|---|---|
Application |
string |
|
Key |
string |
|
ManagedIdentity |
string |
|
User |
string |
FederatedIdentityCredential
Describes a federated identity credential.
Name | Type | Description |
---|---|---|
id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name |
string |
The name of the resource |
properties.audiences |
string[] |
The list of audiences that can appear in the issued token. |
properties.issuer |
string |
The URL of the issuer to be trusted. |
properties.subject |
string |
The identifier of the external identity. |
systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
systemData
Metadata pertaining to creation and last modification of the resource.
Name | Type | Description |
---|---|---|
createdAt |
string |
The timestamp of resource creation (UTC). |
createdBy |
string |
The identity that created the resource. |
createdByType |
The type of identity that created the resource. |
|
lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
lastModifiedBy |
string |
The identity that last modified the resource. |
lastModifiedByType |
The type of identity that last modified the resource. |