PoojaKeshri-6722 asked PoojaKeshri-6722 commented

Authenticate the HTTP trigger API in logic app using Authentication type as Managed Identity

As of now, I have implemented Active Directory OAuth. I see we also have Managed Identity as an option for Authentication. I have my Application registered and Azure OAuth enabled. Can you please explain how to authenticate using Managed Identity?
As a trial, I have performed the steps below -
1. I have enabled System managed identity for the Logic app
2. I created an app role in the App roles under my application's App registration in Azure AD.
3. Added that app role in API Permission
4. Granted admin consent for that App role

Followed this MS doc - https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps

Could you please tell me how I can achieve the same using System assigned or user assigned Managed Identity?

azure-logic-apps azure-ad-connect azure-managed-identity

1 Answer

MayankBargali-MSFT answered PoojaKeshri-6722 commented

Hi @PoojaKeshri-6722

Welcome to Microsoft Q&A! Thanks for posting the question.

Please review the Create Managed Service Identity document which has the details on how you can enable managed identity.
Feel free to get back to me if you need any assistance.


Hi @MayankBargali-MSFT

The problem is - I am using "When http request is received" as my trigger point, which is going to be triggered by some other UI. For this, I have secured my logic app by importing it into APIM, since I wanted to have a more secure approach than SAS. For this -
1. Created APIM and enabled System managed identity
2. Imported my logic app
3. Added Authorization policies in the Logic app
4. Changed the Inbound policies in APIM to make it work.

My flow is -
[Image: 97116-image.png]

I have already authenticated my Logic app, but now I want to call the Custom API in the second step using the Managed Identity flow. This API is using the Azure OAuth Client credential flow. Can you please let me know if this is possible now, as I already have an Authorization policy created? If yes, how would I authenticate, especially the second step, that is, the API?
Please help me out.


@PoojaKeshri-6722 Yes, and this example in the same document that I have shared previously should help you.


Hi @MayankBargali-MSFT

Thank you for your response. I understand this approach, but here in my scenario the logic app needs to connect with an Application registered in Azure AD. For this -

  1. I have enabled system MSI for the logic app

  2. I have created an app role in the App roles under my application's App registration in Azure AD.

  3. Added that app role in API Permission

  4. Granted admin consent for that App role

Now, I believe I have to add that app role to Access control IAM of the logic app in Role assignment to the system managed identity.

Could you please share the link to connect with the Application? Because the example that you have shared doesn't give information about the logic app enabling MSI for application authentication.

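For reference, an added example (not part of the thread and not taken from the linked documentation) of the change discussed above as it looks in the Logic App workflow definition: the HTTP action's `authentication` object with Active Directory OAuth and a client secret, next to the same call made with the system-assigned and with a user-assigned managed identity. The action names, the URI and every `<...>` value are placeholders, and `audience` is assumed to be the Application ID URI of the API's app registration.

```json
{
  "actions": {
    "Call_API_with_Active_Directory_OAuth": {
      "type": "Http",
      "inputs": {
        "method": "GET",
        "uri": "https://<api-host>/<path>",
        "authentication": {
          "type": "ActiveDirectoryOAuth",
          "tenant": "<tenant-id>",
          "audience": "<application-id-uri-of-the-api>",
          "clientId": "<client-id>",
          "secret": "@parameters('<client-secret-parameter>')"
        }
      },
      "runAfter": {}
    },
    "Call_API_with_system_assigned_identity": {
      "type": "Http",
      "inputs": {
        "method": "GET",
        "uri": "https://<api-host>/<path>",
        "authentication": {
          "type": "ManagedServiceIdentity",
          "audience": "<application-id-uri-of-the-api>"
        }
      },
      "runAfter": {}
    },
    "Call_API_with_user_assigned_identity": {
      "type": "Http",
      "inputs": {
        "method": "GET",
        "uri": "https://<api-host>/<path>",
        "authentication": {
          "type": "ManagedServiceIdentity",
          "identity": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>",
          "audience": "<application-id-uri-of-the-api>"
        }
      },
      "runAfter": {}
    }
  }
}
```

With `ManagedServiceIdentity` the workflow holds no client ID or secret; the token is requested for the identity enabled on the Logic App and issued for the `audience` given.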