Severity
P2 - High (Major functionality broken)
Describe the Bug with repro steps
Describe the Bug
When both System-Assigned Managed Identity (SAMI) and User-Assigned Managed Identity (UAMI) are enabled on a Logic App, selecting UAMI as the authentication identity for managed connectors (e.g., azuresentinel, azuremonitorlogs) does not take effect. The connector silently falls back to SAMI at runtime, despite the UI showing UAMI as the selected identity.
Repro Steps
1. Create a Logic App
2. Enable System-Assigned Managed Identity (SAMI) under Identity settings
3. Attach a User-Assigned Managed Identity (UAMI) under Identity settings
4. Add a managed connector action (e.g., Microsoft Sentinel or Azure Monitor Logs)
5. Create a new connection using "Logic Apps Managed Identity" and explicitly select the UAMI
6. Assign the required RBAC roles to the UAMI on the target resource
7. Run the workflow
Expected Behavior
The connector authenticates using the selected UAMI and its associated permissions.
Actual Behavior
The connector authenticates using SAMI instead of the selected UAMI, resulting in AuthorizationFailed errors because the RBAC roles were assigned to the UAMI, not SAMI. The error message references the SAMI Object ID, confirming SAMI is being used.
Appendix
My error code:
{ "StatusCode": "Forbidden", "ReasonPhrase": "Forbidden", "Content": "{\"error\":{\"code\":\"AuthorizationFailed\",\"message\":\"The client 'f7fa*****' with object id 'ff10****' does not have authorization to perform action 'Microsoft.SecurityInsights/incidents/comments/write' over scope '/
Object id 'ff10****' is my Logic App's system-assigned managed identity, but I connected this action to the user managed identity (6b50*****).
Finally, I shut off the Logic App's system-assigned managed identity to resolve this problem :<
Best regards.
What type of Logic App Is this happening in?
Consumption (Portal)
Are you experiencing a regression?
No response
Which operating system are you using?
Windows
Did you refer to the TSG before filing this issue? https://aka.ms/lauxtsg
Yes
Workflow JSON
Screenshots or Videos
No response
Environment
Browser - Zen Version 1.21.3b (64-bit)
Additional context
No response
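The check the reporter did by eye, matching the object id in the AuthorizationFailed message against the Logic App's identities, can be scripted to flag runs where the denied principal is not the identity selected on the connection. This is an added example, not part of the original issue or of any Logic Apps code; it assumes the ARM `identity` block of the workflow resource (`principalId`, `userAssignedIdentities`) and the message wording quoted above, and every GUID and resource name in it is constructed.

```python
import json
import re

# Wording of the AuthorizationFailed message as quoted in the report above.
_DENIED = re.compile(r"The client '([^']+)' with object id '([^']+)' does not have "
                     r"authorization to perform action '([^']+)'")

def denied_principal(action_output: str) -> dict:
    """Pull client id, object id and action out of a connector's Forbidden output."""
    err = json.loads(json.loads(action_output)["Content"])["error"]  # Content is JSON in a string
    m = _DENIED.search(err.get("message", ""))
    if err.get("code") != "AuthorizationFailed" or m is None:
        raise ValueError("not a parsable AuthorizationFailed error")
    return dict(zip(("client", "object_id", "action"), m.groups()))

def classify_identity(identity: dict, object_id: str) -> str:
    """Map an object id onto the workflow resource's ARM `identity` block."""
    oid = object_id.lower()
    if (identity.get("principalId") or "").lower() == oid:
        return "system-assigned"
    for res_id, uami in (identity.get("userAssignedIdentities") or {}).items():
        if (uami.get("principalId") or "").lower() == oid:
            return "user-assigned:" + res_id.rsplit("/", 1)[-1]
    return "unknown"

def check_connection(identity: dict, action_output: str, expected: str) -> dict:
    """Report which identity was denied and whether it differs from the one selected."""
    who = denied_principal(action_output)
    used = classify_identity(identity, who["object_id"])
    return {**who, "used": used, "fallback": used != expected}

# Constructed sample data: every GUID and resource name below is made up.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
SAMPLE_IDENTITY = {
    "type": "SystemAssigned, UserAssigned",
    "principalId": "11111111-1111-1111-1111-111111111111",
    "userAssignedIdentities": {
        SUB + "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/uami-example":
            {"principalId": "22222222-2222-2222-2222-222222222222"},
    },
}
SAMPLE_OUTPUT = json.dumps({"StatusCode": "Forbidden", "Content": json.dumps({"error": {
    "code": "AuthorizationFailed",
    "message": "The client '44444444-4444-4444-4444-444444444444' with object id "
               "'11111111-1111-1111-1111-111111111111' does not have authorization to "
               "perform action 'Microsoft.SecurityInsights/incidents/comments/write' "
               "over scope '" + SUB + "'."}})})
if __name__ == "__main__":
    print(check_connection(SAMPLE_IDENTITY, SAMPLE_OUTPUT, "user-assigned:uami-example"))
```

A result with `fallback` set to true and `used` equal to `system-assigned` is the condition described in this report; `unknown` means the denied principal is neither of the workflow's identities and the connection itself should be inspected.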