GercoVerweij-7232 asked MayankBargali-MSFT commented

Use managed identity for logic app (Teams, SharePoint)

Hello all,

I've recently been busy with Logic Apps to generate Word documents, based on information that is available in a SharePoint list. That is working pretty well; however, my personal account is linked to all triggers and actions (like 'Send a message to a Teams channel'). If I understand correctly, managed identities can be used for this (in most cases). I've searched the internet about managed identities, but I still can't use a managed identity for linking to my actions. I think I'm missing something.

What I've done so far:
1. Create a user-managed identity within my resource group
2. Give the identity 'Contributor' role within the resource group (don't know if this is necessary)

Should this be enough to use the identity for an API connection, like MS Forms? If I try to use the identity, I get the following error:

[Screenshot: 100258-afbeelding.png]

For now, the following API connections are used within my logic apps in this resource:
1. Microsoft Forms -> To collect new responses and add them to a SharePoint list
2. SharePoint Online -> For adding and updating SharePoint lists and creating items (Word documents)
3. Teams -> For sending messages and adaptive cards to a Teams channel
4. Word Online (Business) -> For populating a Word template and filling variables from the SharePoint list
5. Office 365 -> Outlook, for sending the Word document in an e-mail

I read something about adding permissions to the identity with Azure AD PowerShell cmdlets. Is this necessary to use a managed identity in Logic Apps? Or do I need to give the identity another role? If yes, which one? Because there are a lot of roles!

I hope someone can point me in the right direction.

Thanks in advance.

Gerco

1 Answer

MayankBargali-MSFT answered MayankBargali-MSFT commented

@GercoVerweij-7232 Managed identities are only supported for the listed built-in triggers/actions and managed connectors. As of now, Microsoft Teams and SharePoint are not supported.

Hello @MayankBargali-MSFT ,

Thank you for your reply. I've seen that link before, in other forums where I searched for managed identities. How do I know which connector belongs to, for example, 'Azure API Management'?

However, if I have a look at my logic app, I can connect with a managed identity from my Teams action.

[Screenshot: 100462-afbeelding.png]

Do you also know if adding roles to an identity is sufficient, or do I also need to add permissions, as described here: https://laurakokkarinen.com/authenticating-to-azure-ad-protected-apis-with-managed-identity-no-key-vault-required/

Thanks

@GercoVerweij-7232 I couldn't find the managed identity option for the Microsoft Teams connector, as it doesn't support it, but it looks like you still have that option, as per the screenshot. The product group has already made the fix to filter out the connectors which don't support managed identity. This should be deployed across all the regions.

The "Connect with managed identity (preview)" option should be shown in the connectors which support it. Can you confirm whether the managed identity option is still shown on your end?
When you mention that you can connect with a managed identity, did you click on "Sign in" or configure it using the "Connect with managed identity (preview)" option?
