User-assigned managed identity (UMI) in Azure AD for Azure SQL is generally available and is supported for Azure SQL Database and Azure SQL Managed Instance.
Azure Active Directory (AD) supports two types of managed identities: System-assigned managed identity (SMI) and user-assigned managed identity (UMI). For more information, see Managed identity types.
Previously, only the SMI could be assigned to the Managed Instance or SQL Database server identity. With the new feature, the UMI can be assigned to Azure SQL Managed Instance or Azure SQL Database as the instance or server identity.
Benefits of using UMI
- Users can create and maintain their own UMI for a given tenant and use it as the server identity for Azure SQL. A UMI is created and managed by the user, whereas an SMI is uniquely defined per server and assigned by the system.
- Users can choose a single UMI to be the server or instance identity for all SQL Databases or Managed Instances in the tenant, or assign different UMIs to different servers or instances. For example, separate UMIs can be used on different servers for different features: one UMI serving transparent data encryption on one server, and another serving Azure AD authentication on a different server.
- A UMI is independent of logical servers and managed instances. When a logical server or instance is deleted, its SMI is deleted with it; a UMI is not deleted with the server.
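The following Azure PowerShell script is an added example, not code from the original page or from Microsoft: it creates a UMI, assigns it as the identity of a new Azure SQL logical server, verifies the assignment, and then shows the lifecycle point made above (the UMI survives deletion of the server). It assumes the Az.ManagedServiceIdentity and Az.Sql modules and an authenticated session (Connect-AzAccount); the resource group, server and identity names and the region are placeholders.

```powershell
# Added example (not from the original page): use a UMI as the server identity
# of an Azure SQL logical server with Azure PowerShell.
# Assumptions: Az.ManagedServiceIdentity and Az.Sql are installed and
# Connect-AzAccount has been run. Names and region below are placeholders.

$rg       = "rg-sql-umi-demo"            # assumed existing resource group
$location = "westus2"
$umiName  = "umi-sql-server-identity"
$server   = "sql-umi-demo-01"            # logical server names are globally unique

# 1. Create the UMI. It is a stand-alone resource in the resource group and is
#    not tied to any server.
$umi = New-AzUserAssignedIdentity -ResourceGroupName $rg -Name $umiName -Location $location

# 2. Create the logical server with the UMI as its primary identity.
#    -UserAssignedIdentityId accepts several UMIs; -PrimaryUserAssignedIdentityId
#    picks the one the server uses (for example for TDE key access or Azure AD auth).
$cred = Get-Credential -Message "SQL administrator login"
New-AzSqlServer -ResourceGroupName $rg -ServerName $server -Location $location `
    -SqlAdministratorCredentials $cred `
    -AssignIdentity -IdentityType "UserAssigned" `
    -UserAssignedIdentityId @($umi.Id) `
    -PrimaryUserAssignedIdentityId $umi.Id

# 3. Verify that the server reports the UMI rather than a system-assigned identity.
$srv = Get-AzSqlServer -ResourceGroupName $rg -ServerName $server
if ($srv.Identity.Type -ne "UserAssigned" -or $srv.PrimaryUserAssignedIdentityId -ne $umi.Id) {
    throw "Server identity is not the expected UMI"
}

# Caveat: for the UMI to support Azure AD authentication on the server it also
# needs directory read access (Directory Readers role or the equivalent
# Microsoft Graph application permissions); that grant is done in Azure AD,
# not by the cmdlets above.

# 4. Swap to a different UMI later without recreating the server.
#    ($otherUmi is another identity created as in step 1.)
# Set-AzSqlServer -ResourceGroupName $rg -ServerName $server `
#     -IdentityType "UserAssigned" -UserAssignedIdentityId @($otherUmi.Id) `
#     -PrimaryUserAssignedIdentityId $otherUmi.Id

# 5. Deleting the server leaves the UMI in place; an SMI would be removed.
#    Destructive: only run against the demo server created above.
Remove-AzSqlServer -ResourceGroupName $rg -ServerName $server -Force
$survivor = Get-AzUserAssignedIdentity -ResourceGroupName $rg -Name $umiName
if (-not $survivor) { throw "UMI unexpectedly removed with the server" }
```

The same -IdentityType, -UserAssignedIdentityId and -PrimaryUserAssignedIdentityId parameters are accepted by New-AzSqlInstance and Set-AzSqlInstance for Azure SQL Managed Instance, so the pattern carries over unchanged to the instance case.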
For more information see: