User-assigned managed identity (UMI) in Azure AD for Azure SQL

Published Jun 01 2022 01:54 PM 675 Views

User-assigned managed identity (UMI) in Azure AD for Azure SQL (currently in public preview) is supported for Azure SQL Database, Azure Managed Instance and Azure Synapse Analytics (dedicated SQL pools only).


Azure Active Directory (AD) supports two types of managed identities: System-assigned managed identity (SMI) and user-assigned managed identity (UMI). For more information, see Managed identity types.


Previously, only the SMI could be assigned to the Managed Instance or SQL Database server identity. With the new feature, the UMI can be assigned to Azure SQL Managed Instance or Azure SQL Database as the instance or server identity.


Benefits of using UMI

  • User flexibility to create and maintain their own UMI for a given tenant. UMI can be used as server identities for Azure SQL. UMI is managed by the user, compared to SMI, which identity is uniquely defined per server, and assigned by the system.
  • Users can choose a specific UMI to be the server or instance identity for all SQL Databases or Managed Instances in the tenant, or have multiple UMIs assigned to different servers or instances. For example, different UMIs can be used in different servers representing different features. For example, a UMI serving transparent data encryption in one server, and a UMI serving Azure AD authentication in another server.
  • UMI is independent from logical servers or managed instances. When a logical server or instance is deleted, the SMI is deleted as well. UMI is not deleted with the server.

 For more information see:

Version history
Last update:
‎Jun 01 2022 01:53 PM
Updated by: