diff --git a/azurerm/internal/services/apimanagement/resource_arm_api_management.go b/azurerm/internal/services/apimanagement/resource_arm_api_management.go
index e01857116ccbf..24c8f9ad31299 100644
--- a/azurerm/internal/services/apimanagement/resource_arm_api_management.go
+++ b/azurerm/internal/services/apimanagement/resource_arm_api_management.go
@@ -89,7 +89,8 @@ func resourceArmApiManagementService() *schema.Resource {
 							Type:     schema.TypeString,
 							Required: true,
 							ValidateFunc: validation.StringInSlice([]string{
-								"SystemAssigned",
+								string(apimanagement.SystemAssigned),
+								string(apimanagement.UserAssigned),
 							}, false),
 						},
 						"principal_id": {
@@ -100,6 +101,15 @@ func resourceArmApiManagementService() *schema.Resource {
 							Type:     schema.TypeString,
 							Computed: true,
 						},
+						"identity_ids": {
+							Type:     schema.TypeList,
+							Optional: true,
+							MinItems: 1,
+							Elem: &schema.Schema{
+								Type:         schema.TypeString,
+								ValidateFunc: validation.NoZeroValues,
+							},
+						},
 					},
 				},
 			},
@@ -902,14 +912,27 @@ func flattenApiManagementAdditionalLocations(input *[]apimanagement.AdditionalLo
 func expandAzureRmApiManagementIdentity(d *schema.ResourceData) *apimanagement.ServiceIdentity {
 	vs := d.Get("identity").([]interface{})
 	if len(vs) == 0 {
-		return nil
+		return &apimanagement.ServiceIdentity{
+			Type: apimanagement.None,
+		}
 	}
 
 	v := vs[0].(map[string]interface{})
 	identityType := v["type"].(string)
-	return &apimanagement.ServiceIdentity{
+
+	identityIds := make(map[string]*apimanagement.UserIdentityProperties)
+	for _, id := range v["identity_ids"].([]interface{}) {
+		identityIds[id.(string)] = &apimanagement.UserIdentityProperties{}
+	}
+	managedServiceIdentity := apimanagement.ServiceIdentity{
 		Type: apimanagement.ApimIdentityType(identityType),
 	}
+
+	if managedServiceIdentity.Type == apimanagement.UserAssigned || managedServiceIdentity.Type == apimanagement.SystemAssignedUserAssigned {
+		managedServiceIdentity.UserAssignedIdentities = identityIds
+	}
+
+	return &managedServiceIdentity
 }
 
 func flattenAzureRmApiManagementMachineIdentity(identity *apimanagement.ServiceIdentity) []interface{} {
@@ -929,6 +952,14 @@ func flattenAzureRmApiManagementMachineIdentity(identity *apimanagement.ServiceI
 		result["tenant_id"] = identity.TenantID.String()
 	}
 
+	identityIds := make([]string, 0)
+	if identity.UserAssignedIdentities != nil {
+		for key := range identity.UserAssignedIdentities {
+			identityIds = append(identityIds, key)
+		}
+		result["identity_ids"] = identityIds
+	}
+
 	return []interface{}{result}
 }