在 PowerApps 中搭配使用 Azure Active Directory 與自訂連接器Use Azure Active Directory with a custom connector in PowerApps

Azure Resource Manager (ARM) 可讓您在 Azure 上管理解決方案的元件 - 資料庫、虛擬機器和 Web 應用程式這類元件。Azure Resource Manager (ARM) enables you to manage the components of a solution on Azure - components like databases, virtual machines, and web apps. 本教學課程示範如何在 Azure Active Directory 中啟用驗證,並將其中一個 ARM API 註冊為自訂連接器,然後在 PowerApps 中連接它。This tutorial demonstrates how to enable authentication in Azure Active Directory, register one of the ARM APIs as a custom connector, then connect to it in PowerApps. 如果您想要直接從應用程式管理 Azure 資源,則這十分有用。This would be useful if you want to manage Azure resources directly from an app. 如需 ARM 的詳細資訊,請參閱 Azure Resource Manager 概觀For more information about ARM, see Azure Resource Manager Overview.

必要條件Prerequisites

在 Azure Active Directory 中啟用驗證Enable authentication in Azure Active Directory

首先,我們需要建立 Azure Active Directory (AAD) 應用程式,該應用程式會在呼叫 ARM API 端點時執行驗證。First, we need to create an Azure Active Directory (AAD) application that will perform the authentication when calling the ARM API endpoint.

  1. 登入 Azure 入口網站Sign in to the Azure portal. 如果您有多個 Azure Active Directory 租用戶,請確定您登入正確的目錄,方法是查看右上角的使用者名稱。If you have more than one Azure Active Directory tenant, make sure you're logged into the correct directory by looking at your username in the upper-right corner.

    使用者名稱

  2. 在左側功能表上,按一下 [更多服務]。On the left-hand menu, click More services. 在 [篩選] 文字方塊中,輸入 Azure Active Directory,然後按一下 [Azure Active Directory]。In the Filter textbox, type Azure Active Directory, and then click Azure Active Directory.

    Azure Active Directory

    [Azure Active Directory] 刀鋒視窗隨即開啟。The Azure Active Directory blade opens.

  3. 在 [Azure Active Directory] 刀鋒視窗的功能表中,按一下 [應用程式註冊]。In the menu on the Azure Active Directory blade, click App registrations.

    應用程式註冊

  4. 在已註冊的應用程式清單中,按一下 [新增]。In the list of registered applications, click Add.

    [新增] 按鈕

  5. 輸入應用程式的名稱,保持 [Web 應用程式/API] 選取,然後針對 [登入 URL] 輸入 https://login.windows.netType a name for your application, leave Web app / API selected, and then for Sign-on URL type https://login.windows.net. 按一下 [建立]。Click Create.

    新的應用程式表單

  6. 按一下清單中新的應用程式。Click the new application in the list.

    清單中新的應用程式

    [註冊的應用程式] 刀鋒視窗隨即開啟。The Registered app blade opens. 請記下 [應用程式識別碼]。Make a note of the Application ID. 我們稍後需要它。We'll need it later.

  7. [設定] 刀鋒視窗應該也已經開啟。The Settings blade should have opened, as well. 如果未開啟,請按一下 [設定] 按鈕。If it didn't, click the Settings button.

    [設定] 按鈕

  8. 在 [設定] 刀鋒視窗中,按一下 [回覆 URL]。In the Settings blade, click Reply URLs. 在 URL 的清單中,新增 https://msmanaged-na.consent.azure-apim.net/redirect,然後按一下 [儲存]。In the list of URLs, add https://msmanaged-na.consent.azure-apim.net/redirect and click Save.

    回覆 URL

  9. 返回 [設定] 刀鋒視窗,按一下 [必要權限]。Back on the Settings blade, click Required permissions. 在 [必要權限] 刀鋒視窗中,按一下 [新增]。On the Required permissions blade, click Add.

    必要權限

    [加入 API 存取權] 刀鋒視窗隨即開啟。The Add API access blade opens.

  10. 按一下 [選取 API]。Click Select an API. 在開啟的刀鋒視窗中,按一下 Azure 服務管理 API 的選項,然後按一下 [選取]。In the blade that opens, click the option for the Azure Service Management API and click Select.

    選取 API

  11. 按一下 [選取權限]。Click Select permissions. 在 [委派的權限] 底下,按一下 [以組織使用者的身分存取 Azure 服務管理],然後按一下 [選取]。Under Delegated permissions, click Access Azure Service Management as organization users, and then click Select.

    委派的權限

  12. 在 [加入 API 存取權] 刀鋒視窗中,按一下 [完成]。On the Add API access blade, click Done.
  13. 返回 [設定] 刀鋒視窗,按一下 [金鑰]。Back on the Settings blade, click Keys. 在 [金鑰] 刀鋒視窗中,輸入您的金鑰描述,選取到期時間,然後按一下 [儲存]。In the Keys blade, type a description for your key, select an expiration period, and then click Save. 新的金鑰隨即顯示。Your new key will be displayed. 記下金鑰值,因為我們稍後也需要它。Make note of the key value, as we will need that later, too. 您現在可以關閉 Azure 入口網站。You may now close the Azure portal.

    建立金鑰

在 PowerApps 中新增連線Add the connection in PowerApps

既然已經設定 AAD 應用程式,讓我們來新增自訂連接器。Now that the AAD application is configured, let's add the custom connector.

  1. powerapps.com 的左功能表中,選取 [連線]。In powerapps.com, in the left menu, select Connections. 選取省略符號 (...),然後選取右上角的 [管理自訂連接器]。Select the ellipsis (...), then select Manage custom connectors in the upper right corner.

    秘訣︰如果您找不到在行動瀏覽器的哪個位置管理自訂連接器,則它可能是在左上角的功能表下方。Tip: If you can't find where to manage custom connectors in a mobile browser, it might be under a menu in the upper left corner.

    建立自訂連接器

  2. 選取 [建立自訂連接器]。Select Create custom connector.

    自訂連接器內容

  3. 輸入您連線的名稱,然後上傳範例 ARM OpenAPI 檔案Type a name for your connection, and then upload the sample ARM OpenAPI file. 按一下 [繼續]。Click Continue.

    連線到新的 API 端點

  4. 在下一個畫面中,因為 OpenAPI 檔案使用我們的 AAD 應用程式進行驗證,所以我們需要將應用程式的一些相關資訊提供給 PowerApps。On the next screen, because the OpenAPI file uses our AAD application for authentication, we need to give PowerApps some information about our application. 在 [用戶端識別碼] 底下,輸入您稍早記下的 AAD [應用程式識別碼]。Under Client id, type the AAD Application ID you noted earlier. 針對用戶端祕密,使用 [金鑰]。For client secret, use the key. 最後,針對 [資源 URL],輸入 https://management.core.windows.net/And finally, for Resource URL, type https://management.core.windows.net/.

    重要:請務必包括完全如上面所記載的資源 URL,包括結尾的斜線。Important: Be sure to include the Resource URL exactly as written above, including the trailing slash.

    OAuth 設定

  5. 您的自訂連接器現在已註冊,並且可以在 PowerApps 或 Microsoft Flow 內取用。Your custom connector is now registered and can be consumed within PowerApps or Microsoft Flow.

    已新增自訂連接器

    注意:範例 OpenAPI 不會定義完整集合的 ARM 作業,目前只包含列出所有訂用帳戶 (英文) 作業。Note: The sample OpenAPI does not define the full set of ARM operations and currently only contains the List all subscriptions operation. 您可以使用線上 OpenAPI 編輯器來編輯此 OpenAPI 檔案,或建立另一個 OpenAPI 檔案。You can edit this OpenAPI file or create another OpenAPI file using the online OpenAPI editor. 此程序可以用來存取任何使用 AAD 進行驗證的 RESTful API。This process can be used to access any RESTful API authenticated using AAD.

後續步驟Next steps

如需如何建立應用程式的詳細資訊,請參閱從資料建立應用程式For more detailed information about how to create an app, see Create an app from data.

如需有關如何在應用程式中使用流程的詳細資訊,請參閱在應用程式中啟動流程For more detailed information about how to use a flow in an app, see Start a flow in an app.

若要詢問問題,或對自訂連接器提出意見,請加入我們的社群To ask questions or make comments about custom connectors, join our community.