Skip to content

Use managed identity for authentication#

Security · Automation Account · Azure.Automation.ManagedIdentity

Ensure managed identity is used for authentication.

Description#

Azure automation can use managed identities to authenticate to Azure resources without storing credentials.

Using managed identities have the following benefits:

  • Using a managed identity instead of the Automation Run As account simplifies management. You don't have to renew the certificate used by a Run As account.
  • Managed identities can be used without any additional cost.
  • You don't have to specify the Run As connection object in your runbook code. You can access resources using your Automation account's managed identity from a runbook without creating certificates, connections, Run As accounts, etc.

Recommendation#

Consider configure a managed identity for each Automation Account.

Examples#

Configure with Azure template#

To set managed identity for an automation account

  • Set identity.type to SystemAssigned or UserAssigned.

For example:

{
    "type": "Microsoft.Automation/automationAccounts",
    "apiVersion": "2021-06-22",
    "name": "[parameters('automation_account_name')]",
    "location": "australiaeast",
    "identity": {
        "type": "SystemAssigned"
    },
    "properties": {
        "disableLocalAuth": false,
        "sku": {
            "name": "Basic"
        },
        "encryption": {
            "keySource": "Microsoft.Automation",
            "identity": {}
        }
    }
}

Configure with Bicep#

To set managed identity for an automation account

  • Set identity.type to SystemAssigned or UserAssigned.

For example:

resource automation_account_name_resource 'Microsoft.Automation/automationAccounts@2021-06-22' = {
  name: automation_account_name
  location: 'australiaeast'
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    disableLocalAuth: false
    sku: {
      name: 'Basic'
    }
    encryption: {
      keySource: 'Microsoft.Automation'
      identity: {}
    }
  }
}

Last update: 2022-01-22