Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Azure Licensing Manager uses the Azure AD SCIM Microservice to make API calls to your Azure tenant in response to your actions in EmpowerID. As part of the deployment process for the microservice, an app service needs to be created to host the microservice and configured for Azure AD authentication.

To create an App Service for the SCIM Microservice

  • Log in to your Azure portal as a user with the necessary permissions to create an App Service.

  • Create the app service

    1. In Azure, navigate to All Services > App Services and create a new App serviceservices and select Add.

    2. Under Project Details, select a Subscription and then create a Resource Group for the App Service. If desired, you can create a new Resource Group.

    3. Under Instance Details, enter do the following information:

      • NameEnter a name for the app serviceWeb App.

      • Publish Select Code.

      • Runtime Stack Select .NET Net Core 3.1 (LTS).

      • Operating System Select Linux Windows.

      • Region Select the appropriate region.

    4. Click Review + Create.

      Image RemovedImage Added

    5. Click Create.

    6. After the deployment of the App Service completes, click Go to resource.

    7. On the Overview page, copy and save the URL Change the platform for the app service . You will need this later.Change the platform for the App Service to 64 Bit by doing the following:

      1. On the App Service app service navbar, under Settings, click Configuration.

      2. On the Configuration blade, select the General settings tab.

      3. Under Platform settings, change the Platform to 64 Bit and click Save.

      4. Click Continue confirm you want to save the changes.

    8. On the Overview page, copy the URL. You will need this when you configure the app service for the EmpowerID SCIM Microservice.

      Image Added

    Insert excerpt
    IL:External Stylesheet
    IL:External Stylesheet
    nopaneltrue

    Configure authentication

    1. Navigate to the Authentication (classic) blade for the app service.

    2. Turn on App Service Authentication.

    3. For Action to take when request is not authenticated, select Log in with Azure Active Directory.

    4. For Authentication Providers, select Azure Active Directory.

    5. Set the Management mode to Express and select the service principal you created to provide Azure AD authentication for the microservice.

      Image Removed

       

      Save your changesAdvanced and enter the following information:

      • Client ID – Enter the Client ID for the service principal you registered earlier for EmpowerID.

      • Issuer Url – Enter https://login.microsoftonline.com/<TenantID>, where <TenantID> is the TenantID of the application you registered in Azure AD for EmpowerID.

      • Client Secret – Enter the client secret for the application you registered in Azure AD for EmpowerID.

      • Allowed Token Audience – Enter the App Service URL.

    6. Click OK to close the Active Directory Authentication dialog.

      Image Added

    7. Back in the main Authentication / Authorization page, click Save.

    Create a managed identity for the app service

    1. Navigate to the Identity blade for the app service.

    2. Turn on System assigned to create the managed identity.

      Image Added

    3. Save your changes.

    Download the publish profile for the app service

    1. Navigate to the Overview page for the app service.

    2. Click Get publish profile and save the file to your machine. You use this file when publishing the EmpowerID Azure AD SCIM microservice to Azure.

      Image Added

    Insert excerpt
    IL:External Stylesheet
    IL:External Stylesheet
    nopaneltrue

    Div
    stylefloat: left; position: fixed;padding: 5px;

    IN THIS ARTICLE

    Table of Contents
    maxLevel4
    minLevel2
    stylenone