Document Details
Api Management Howto Use Managed Service Identity
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
powershell_heavy
⚠️
windows_tools
⚠️
missing_linux_example
⚠️
windows_first
Summary:
The documentation page demonstrates a Windows bias by providing only Azure PowerShell examples for command-line operations, referencing PowerShell installation, and omitting equivalent Azure CLI (cross-platform) or Bash examples. The PowerShell approach is presented before any mention of ARM templates, and there is no guidance for users on Linux or macOS systems. No Linux-specific tools, shell commands, or cross-platform scripting options are discussed.
Recommendations:
- Add Azure CLI examples alongside PowerShell for all command-line operations, as Azure CLI is cross-platform and widely used on Linux and macOS.
- When introducing command-line options, present both PowerShell and Azure CLI alternatives, or at least mention that both are supported.
- Include explicit instructions or notes for Linux/macOS users, such as how to install and use Azure CLI or run ARM template deployments from Bash.
- Avoid referencing only Windows-specific tools (like PowerShell) in installation instructions; provide parity for Bash/CLI environments.
- Consider reordering sections so that cross-platform solutions (Azure CLI, ARM templates) are not always presented after Windows-centric ones.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
| 2025-07-12 00:58 | #8 | cancelled | ✅ Clean |
| 2025-07-10 05:06 | #7 | processing | ✅ Clean |
| 2025-07-09 23:22 | #6 | cancelled | ✅ Clean |
Flagged Code Snippets
### Store and manage named values from Key Vault
You can use a system-assigned managed identity to access Key Vault to store and manage secrets for use in API Management policies. For more information, see [Use named values in Azure API Management policies](api-management-howto-properties.md).
### Authenticate to a backend by using an API Management identity
You can use the system-assigned identity to authenticate to a backend service via the [authentication-managed-identity](authentication-managed-identity-policy.md) policy.
### Connect to Azure resources behind an IP firewall by using a system-assigned managed identity
API Management is a trusted Microsoft service to the following resources. This trusted status enables the service to connect to the following resources behind a firewall. After you explicitly assign the appropriate Azure role to the [system-assigned managed identity](../active-directory/managed-identities-azure-resources/overview.md) for a resource instance, the scope of access for the instance corresponds to the Azure role that's assigned to the managed identity.
- [Trusted access for Key Vault](/azure/key-vault/general/overview-vnet-service-endpoints#trusted-services)
- [Trusted access for Azure Storage](../storage/common/storage-network-security.md?tabs=azure-portal#trusted-access-based-on-system-assigned-managed-identity)
- [Trusted access for Azure Services Bus](../service-bus-messaging/service-bus-ip-filtering.md#trusted-microsoft-services)
- [Trusted access for Azure Event Hubs](../event-hubs/event-hubs-ip-filtering.md#trusted-microsoft-services)
### Log events to an event hub
You can configure and use a system-assigned managed identity to access an event hub to log events from an API Management instance. For more information, see [How to log events to Event Hubs in Azure API Management](api-management-howto-log-event-hubs.md).
## Create a user-assigned managed identity
> [!NOTE]
> You can associate an API Management instance with as many as 10 user-assigned managed identities.
### Azure portal
To set up a managed identity in the portal, you must first create an API Management instance and [create a user-assigned identity](../active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md). Then complete the following steps.
1. Go to your API Management instance in the portal.
1. In the left menu, under **Security**, select **Managed identities**.
1. On the **User assigned** tab, select **Add**.
1. Search for the identity that you created earlier and select it. Select **Add**.
:::image type="content" source="./media/api-management-howto-use-managed-service-identity/enable-user-assigned-identity.png" alt-text="Screenshot that shows how to enable a user-assigned managed identity." border="true" lightbox="./media/api-management-howto-use-managed-service-identity/enable-user-assigned-identity.png":::
### Azure PowerShell
[!INCLUDE [updated-for-az](~/reusable-content/ce-skilling/azure/includes/updated-for-az.md)]
The following steps lead you through creating an API Management instance and assigning it an identity by using Azure PowerShell.
1. If you need to, install Azure PowerShell by following the instructions in the [Azure PowerShell guide](/powershell/azure/install-azure-powershell). Then run `Connect-AzAccount` to create a connection with Azure.
1. Use the following code to create the instance. For more examples of how to use Azure PowerShell with API Management, see [API Management PowerShell samples](powershell-samples.md).
You can also update an existing service to assign an identity to the service: