| title | Manage user-assigned managed identities using the Azure portal |
|---|---|
| description | Manage user-assigned managed identities using the Azure portal. |
| ms.topic | how-to |
| ms.date | 09/09/2025 |
[!INCLUDE introduction-section]
In this article, you learn how to create, list, delete, or assign a role to a user-assigned managed identity by using the Azure portal.
- If you're unfamiliar with managed identities for Azure resources, check out the overview section. Be sure to review the difference between a system-assigned and user-assigned managed identity.
- If you don't already have an Azure account, sign up for a free account before you continue.
To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.
-
Sign in to the Azure portal.
-
In the search box, enter Managed Identities. Under Services, select Managed Identities.
-
Select Add, and enter values in the following boxes in the Create User Assigned Managed Identity pane:
- Subscription: Choose the subscription to create the user-assigned managed identity under.
- Resource group: Choose a resource group to create the user-assigned managed identity in, or select Create new to create a new resource group.
- Region: Choose a region to deploy the user-assigned managed identity, for example, West US.
- Name: Enter the name for your user-assigned managed identity, for example, UAI1.
[!INCLUDE ua-character-limit]
:::image type="content" source="media/how-manage-user-assigned-managed-identities/create-user-assigned-managed-identity-portal.png" alt-text="Screenshot that shows the Create User Assigned Managed Identity pane.":::
-
Select Review + create to review the changes.
-
Select Create.
To list or read a user-assigned managed identity, your account needs to have either Managed Identity Operator or Managed Identity Contributor role assignments.
-
Sign in to the Azure portal.
-
In the search box, enter Managed Identities. Under Services, select Managed Identities.
-
A list of the user-assigned managed identities for your subscription is returned. To see the details of a user-assigned managed identity, select its name.
-
You can now view the details about the managed identity as shown in the image.
:::image type="content" source="media/how-manage-user-assigned-managed-identities/list-user-assigned-managed-identity-portal.png" alt-text="Screenshot that shows the list of user-assigned managed identity.":::
To delete a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment. Deleting a user-assigned identity doesn't remove it from the resource it was assigned to.
-
Sign in to the Azure portal.
-
Select the user-assigned managed identity, and select Delete.
-
Under the confirmation box, select Yes.
:::image type="content" source="media/how-manage-user-assigned-managed-identities/delete-user-assigned-managed-identity-portal.png" alt-text="Screenshot that shows the Delete user-assigned managed identities.":::
In some environments, administrators choose to limit who can manage user-assigned managed identities. Administrators can implement this limitation using built-in RBAC roles. You can use these roles to grant a user or group in your organization rights over a user-assigned managed identity.
-
Sign in to the Azure portal.
-
In the search box, enter Managed Identities. Under Services, select Managed Identities.
-
A list of the user-assigned managed identities for your subscription is returned. Select the user-assigned managed identity that you want to manage.
-
Select Access control (IAM).
-
Choose Add role assignment.
:::image type="content" source="media/how-manage-user-assigned-managed-identities/role-assign.png" alt-text="Screenshot that shows the user-assigned managed identity access control screen.":::
-
In the Add role assignment pane, choose the role to assign and choose Next.
-
Choose who should have the role assigned.
Assign a managed identity access to a resource by using the Azure portal