You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: includes/functions-storage-blob-connections.md
+25Lines changed: 25 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -46,6 +46,31 @@ The `serviceUri` form can't be used when the overall connection configuration i
46
46
47
47
Other properties may be set to customize the connection. See [Common properties for identity-based connections](../articles/azure-functions/functions-reference.md#common-properties-for-identity-based-connections).
48
48
49
+
#### User-assigned managed identity
50
+
51
+
To use a user-assigned managed identity, add the `credential` and `clientId` properties in addition to the service URI:
52
+
53
+
| Property | Environment variable template | Description | Example value |
| Blob Service URI |`<CONNECTION_NAME_PREFIX>__blobServiceUri`| The data plane URI of the blob service. |`https://mystorageaccount.blob.core.windows.net`|
56
+
| Queue Service URI |`<CONNECTION_NAME_PREFIX>__queueServiceUri`| The data plane URI of the queue service (required for blob triggers). |`https://mystorageaccount.queue.core.windows.net`|
57
+
| Credential |`<CONNECTION_NAME_PREFIX>__credential`| Must be set to `managedidentity`. |`managedidentity`|
58
+
| Client ID |`<CONNECTION_NAME_PREFIX>__clientId`| The client ID of the user-assigned managed identity. |`00000000-0000-0000-0000-000000000000`|
59
+
60
+
For example, if your binding configuration specifies `connection = "BlobStorageConnection"`, you would configure the following application settings:
> User-assigned managed identities are recommended for production scenarios where you need fine-grained control over identity permissions across multiple resources.
0 commit comments