EmpowerID uses the Azure AD SCIM Microservice to make API calls to your Azure tenant in response to your actions in EmpowerID. As part of the deployment process for the microservice, an app service needs to be created to host the microservice and configured for Azure AD authentication.

Create the app service

  1. In Azure, navigate to All Services > App services and click Create.

  2. Under Project Details, select a Subscription and Resource Group for the App Service. If desired, you can create a new Resource Group.

  3. Under Instance Details, do the following:

    • Name – Enter a name for the Web App.

    • Publish – Select Code.

    • Runtime Stack – Select .Net Core 3.1 (LTS).

    • Operating System – Select Linux.

    • Region – Select the appropriate region.

  4. Under App Service Plan, select an existing Linux Plan or create a new one.

  5. Click Review + Create.

  6. Click Create.

  7. After deployment completes, click Go to Resource and copy the URL from the Overview page. You will need this when you configure the app service for the EmpowerID SCIM Microservice.

Configure authentication

  1. Navigate to the Authentication blade for the app service and click Add identity provider.

  2. Select Microsoft.

  3. On the Add an identity provider page, do the following:

    1. App registration type – Select Pick an existing app registration in this directory.

    2. Name or app ID – Select the service principal you created to provide Azure AD authentication for the microservice.

    3. Issuer URL – Replace the default value with https://login.microsoftonline.com/<Your Tenant ID>

    4. Restrict access – Select Require authentication.

    5. Unauthenticated requests – Select HTTP 401 Unauthorized: recommended for APIs.

    6. Token Store – Leave selected.

    7. Click Add.

The earlier revision of this page configured authentication through the Authentication (classic) blade instead:

  1. Navigate to the Authentication (classic) blade for the app service.

  2. Turn on App Service Authentication.

  3. For Action to take when request is not authenticated, select Log in with Azure Active Directory.

  4. For Authentication Providers, select Azure Active Directory.

  5. Set the Management mode to Advanced and enter the following information:

    • Client ID – Enter the Client ID for the service principal you registered earlier for EmpowerID.

    • Issuer Url – Enter https://login.microsoftonline.com/<TenantID>, where <TenantID> is the TenantID of the application you registered in Azure AD for EmpowerID.

    • Client Secret – Enter the client secret for the application you registered in Azure AD for EmpowerID.

    • Allowed Token Audience – Enter the App Service URL.

  6. Click OK to close the Active Directory Authentication dialog.

  7. Back in the main Authentication / Authorization page, click Save.
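
To confirm that the Restrict access and Unauthenticated requests settings took effect, request the app service URL without a token and check how it answers. The Python check below is an added example, not part of the EmpowerID documentation; the function names are hypothetical and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlparse

LOGIN_HOST = "login.microsoftonline.com"  # host used in the Issuer URL setting


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Keep urllib from following a sign-in redirect so it can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify(status, headers):
    """Judge the response to a request sent without any token."""
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status == 401:
        return "ok", "rejected with HTTP 401, as configured"
    if status in (301, 302, 303, 307, 308):
        if urlparse(location).hostname == LOGIN_HOST:
            return "review", "redirects to sign-in; API clients expect HTTP 401"
        return "review", "redirects somewhere other than the Microsoft sign-in host"
    if 200 <= status < 300:
        return "fail", "content served without a token; authentication is not required"
    return "review", f"unexpected status {status}"


def probe(url, timeout=10):
    """Send one request with no Authorization header to the app service URL."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx arrive here
        return classify(err.code, dict(err.headers))


# Constructed responses (not captured from a real tenant); the GUID is a placeholder.
SAMPLES = [
    (401, {"WWW-Authenticate": "Bearer"}),
    (302, {"Location": "https://login.microsoftonline.com/"
                       "00000000-0000-0000-0000-000000000000/oauth2/v2.0/authorize"}),
    (200, {"Content-Type": "application/json"}),
]

if __name__ == "__main__":
    for status, headers in SAMPLES:
        print(status, *classify(status, headers))
```

Call probe() with the URL copied from the app service Overview page; any verdict other than "ok" means the authentication settings need another look before the microservice is published.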

Create a managed identity for the app service

  1. Navigate to the Identity blade for the app service.

  2. Turn on System assigned to create the managed identity.

  3. Click Save and then click Yes to confirm that you want to enable system assigned managed identity.

  4. Copy the Object ID for the app service. You need this later when setting the appServiceObjectID parameter on the PowerShell script used to set permissions for the Azure AD SCIM managed identity.

Download the publish profile for the app service

  1. Navigate to the Overview page for the app service.

  2. Click Get publish profile and save the file to your machine. You use this file when publishing the EmpowerID Azure AD SCIM microservice to Azure.


Next Steps

Publish the Azure AD SCIM Microservice to Azure

Set Permissions for the Azure AD SCIM Managed Identity

Connect to Azure AD
