question

0 Votes
adv00000 asked SaurabhSharma-msft commented

What are the correct claims to use in a Logic App when calling from a Synapse workspace that has a managed identity?

Scenario: A Synapse Workspace with a Managed Identity is used to make an HTTP call to a Logic App. The Workspace identity is granted the Contributor role in the Logic App.

On the logic app trigger, using default claims (Audience, Issuer) with or without custom claims (v1 token claims appid and appidacr, or v2 token claims azp, azpacr) returns a token mismatch error to the caller.

On the Synapse side, a Web Activity is used with authentication set to "Managed Identity", with the same Audience as in the Logic App trigger in the "Resource" field of the Activity settings.

How can I get this working?

azure-synapse-analytics azure-logic-apps azure-managed-identity

Hi @adv00000,

Thanks for using Microsoft Q&A!
Can you please elaborate more on "On the logic app trigger, using default claims (Audience, Issuer) with or without custom claims (v1 token claims appid and appidacr, or v2 token claims azp, azpacr)"?
How are you passing and checking the claims to triggers? What kind of trigger is it?

Thanks
Saurabh

0 Votes 0 ·

Hi @adv00000,
We haven't heard back from you. Just wanted to check if you are still facing the issue. In case you already found a solution, would you please share it here with the community? Otherwise, let us know and we will continue to engage with you on the issue.

Thanks
Saurabh

0 Votes 0 ·
adv00000 SaurabhSharma-msft ·

Hello Saurabh, thanks for checking in. This was an HTTP trigger. I could not get the claims to work with the Service Principal so I switched to using Managed Identity and was able to start the trigger successfully.

1 Vote 1 ·

0 Answers
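
One way to see which claim causes a token mismatch like the one described in the question, added here as an example and not part of the thread: decode the token the caller actually sends and compare it claim by claim with the values entered on the trigger. The tenant ID, client ID, audience and the exact-string comparison are assumptions, and the sample token is constructed and unsigned.

```python
import base64
import json

def decode_claims(token: str) -> dict:
    """Return the JWT payload without verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_version(claims: dict) -> str:
    # v2.0 tokens carry ver "2.0" (azp/azpacr); v1.0 tokens carry ver "1.0" (appid/appidacr)
    return "v2" if claims.get("ver") == "2.0" else "v1"

def diff_policy(policy: dict, claims: dict) -> list:
    """List each policy claim the token fails (assumption: exact string match)."""
    problems = []
    for name, expected in policy.items():
        actual = claims.get(name)
        if actual is None:
            problems.append(f"{name}: absent from {token_version(claims)} token")
        elif str(actual) != expected:
            problems.append(f"{name}: policy={expected!r} token={actual!r}")
    return problems

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.placeholder-signature"

# Constructed sample values (placeholders, not taken from the thread).
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT = "11111111-1111-1111-1111-111111111111"
AUDIENCE = "api://example-audience"
SAMPLE_V1_TOKEN = make_sample_token({
    "ver": "1.0", "iss": f"https://sts.windows.net/{TENANT}/",
    "aud": AUDIENCE, "appid": CLIENT, "appidacr": "2"})
# Policy written with v2.0 claim names and issuer: fails against the v1.0 token above.
POLICY_V2 = {"iss": f"https://login.microsoftonline.com/{TENANT}/v2.0",
             "aud": AUDIENCE, "azp": CLIENT}
# Policy written with v1.0 claim names and issuer: matches.
POLICY_V1 = {"iss": f"https://sts.windows.net/{TENANT}/",
             "aud": AUDIENCE, "appid": CLIENT}

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_V1_TOKEN)
    for label, policy in (("v2-style", POLICY_V2), ("v1-style", POLICY_V1)):
        print(label, diff_policy(policy, claims) or "all claims match")
```

Use unverified decoding like this only to inspect a token you obtained yourself; the receiving service must still validate the signature before trusting any claim.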