KeyVault RBAC states Secrets User not Certificate User for obtaining a certificate

[ChewyCalamari]

Issue: To configure Azure RBAC access:

In the left menu, select Access control (IAM). On the Access control (IAM) page, select Add role assignment. On the Role tab, select Key Vault Secrets User. On the Members tab, select Managed identity > + Select members. On the Select managed identity page, select the system-assigned managed identity or a user-assigned managed identity associated with your API Management instance, and then select Select. Select Review + assign.

Suggested Fix: To configure Azure RBAC access:

In the left menu, select Access control (IAM). On the Access control (IAM) page, select Add role assignment. On the Role tab, select Key Vault Certificate User. On the Members tab, select Managed identity > + Select members. On the Select managed identity page, select the system-assigned managed identity or a user-assigned managed identity associated with your API Management instance, and then select Select. Select Review + assign.

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 51769134-4b97-0a48-3031-cbcea10ca714
• Version Independent ID: dc70bd8c-54be-1592-2137-aed9cae0094b
• Content: Secure APIs using client certificate authentication in API Management - Azure API Management
• Content Source: articles/api-management/api-management-howto-mutual-certificates-for-clients.md
• Service: api-management
• GitHub Login: @dlepow
• Microsoft Alias: danlep

[PesalaPavan]

@ChewyCalamari Thanks for your feedback! We will investigate and update as appropriate.

[Jar1-MSFT]

@ChewyCalamari we had verified and updated the document, the update will go live in next 24hrs.