After you create and configure an app service for the Azure AD SCIM microservice, you need to publish the microservice to your app service to make API calls to Azure AD. EmpowerID provides two methods for doing so:

  1. You can publish the microservice using the SCIM Microservice Publishing workflow.

  2. You can publish the microservice using the PowerShell script included in this article.

Note

Publishing the microservice using PowerShell requires you to have the appropriate ZIP file for the microservice. Please contact EmpowerID for the file if you do not have it.

Publish the microservice using the SCIM Microservices Publishing workflow

  1. Log in to EmpowerID as a person with the necessary access to initiate the SCIM Microservice Publishing workflow.

  2. On the navbar, expand Azure License Manager and click Configuration.

  3. Select the Tenants tab and then click the Publish Azure App Service action link.

  4. For Application Type select Microservices and then click SUBMIT.

  5. For Microservice Application select Azure AD SCIM Microservice v5 and then click SUBMIT.

  6. Click Choose File and browse for the SCIM App Service Publisher Profile Settings file you downloaded from Azure.

  7. Once you have selected the file, click Submit.

  8. Click Yes to confirm that you want to publish the Azure AD SCIM Microservice and then click OK to close the publish results message.

The Azure AD SCIM Microservice is now published to your app service. The next step is to set permissions for the managed identity used by the App Service.


Publish the microservice using PowerShell

  1. Copy the PowerShell script below into the text editor of your choice.

    # Publishes the microservice ZIP to the app service's zipdeploy endpoint.
    # $pubProfileFilePath and $zipFilePath are required; the remaining parameters
    # are optional values substituted into index.html when supplied.
    param(
        $pubProfileFilePath
        ,$zipFilePath
        ,$authority_url = $null
        ,$client_id = $null
        ,$scope = $null
        ,$api_url = $null
        ,$base_eid_url = $null
    )
    
    $ErrorActionPreference = "Stop"
    
    # Load the publish profile and select the entry used for ZIP deployment.
    $pubProfile = [xml](Get-Content $pubProfileFilePath)
    $zipPubProfile = $pubProfile.publishData.publishProfile | Where-Object { $_.publishMethod -eq "zipdeploy" }
    
    # Build the Basic authentication header from the deployment credentials
    # stored in the publish profile (userName and userPWD).
    $userAgent = "powershell/1.0"
    $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $zipPubProfile.userName, $zipPubProfile.userPWD)))
    $zipdeployUrl = "https://$($zipPubProfile.publishUrl)/api/zipdeploy"
    $deploymentsUrl = "https://$($zipPubProfile.publishUrl)/api/deployments"
    
    # Extract the package to a uniquely named temporary directory.
    $tempDir = [System.IO.Path]::GetTempPath() + $(New-Guid)
    $tempZipFile = $tempDir + ".zip"
    [System.IO.Directory]::CreateDirectory($tempDir) | Out-Null
    Expand-Archive -Path $zipFilePath -DestinationPath $tempDir
    
    # If the package has an index.html, replace each #{NAME}# placeholder
    # for which a parameter value was supplied.
    if([System.IO.File]::Exists("$tempDir\index.html")){
        $raw = [System.IO.File]::ReadAllText("$tempDir\index.html")
        $editted = $false
    
        if($raw.Contains("#{AUTHORITY_URL}#") -and ![String]::IsNullOrWhiteSpace($authority_url)){
            $raw = $raw.Replace("#{AUTHORITY_URL}#", $authority_url)
            $editted = $true
        }
    
        if($raw.Contains("#{CLIENT_ID}#") -and ![String]::IsNullOrWhiteSpace($client_id)){
            $raw = $raw.Replace("#{CLIENT_ID}#", $client_id)
            $editted = $true
        }
        
        if($raw.Contains("#{SCOPE}#") -and ![String]::IsNullOrWhiteSpace($scope)){
            $raw = $raw.Replace("#{SCOPE}#", $scope)
            $editted = $true
        }
        
        if($raw.Contains("#{API_URL}#") -and ![String]::IsNullOrWhiteSpace($api_url)){
            $raw = $raw.Replace("#{API_URL}#", $api_url)
            $editted = $true
        }
        
        if($raw.Contains("#{BASE_EID_URL}#") -and ![String]::IsNullOrWhiteSpace($base_eid_url)){
            $raw = $raw.Replace("#{BASE_EID_URL}#", $base_eid_url)
            $editted = $true
        }
    
        # Write index.html back only if at least one placeholder was replaced.
        if($editted -eq $true){
            [System.IO.File]::WriteAllText("$tempDir\index.html", $raw)
        }
    }
    
    # Repackage the (possibly edited) content and remove the extracted copy.
    Compress-Archive -Path $tempDir\* -DestinationPath $tempZipFile 
    [System.IO.Directory]::Delete($tempDir, $true)
    
    # Upload the package to the zipdeploy endpoint, then delete the temporary ZIP.
    Invoke-RestMethod -Uri $zipdeployUrl -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -UserAgent $userAgent -Method Post -InFile $tempZipFile
    [System.IO.File]::Delete($tempZipFile)
    
    # List the app service's deployments to confirm the result.
    Invoke-RestMethod -Uri $deploymentsUrl -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -UserAgent $userAgent -Method Get

  2. Set the values of the following two parameters:

    • $pubProfileFilePath – Enter the path to the SCIM App Service Publisher Profile Settings file you downloaded from Azure.

    • $zipFilePath – Enter the path to the ZIP file for the microservice you received from EmpowerID.

  3. Open an administrative PowerShell session and execute the script.

The Azure AD SCIM Microservice is now published to your app service. The next step is to set permissions for the managed identity used by the App Service.
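
A pre-flight check that can be run before executing the script, added here as an example and not part of EmpowerID's script: it confirms the publish profile contains the zipdeploy entry the script selects, optionally compares the package's SHA-256 with a value obtained from EmpowerID (an assumption; this article does not say one is provided), and lists any #{NAME}# tokens in the package's index.html, which the script replaces only when the matching parameter is supplied. Test-ScimPublishInput, its parameter names, and the sample files are hypothetical.

```powershell
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-ScimPublishInput {
    param(
        [Parameter(Mandatory)][string]$PubProfileFilePath,
        [Parameter(Mandatory)][string]$ZipFilePath,
        [string]$ExpectedSha256  # assumption: a hash obtained from EmpowerID out of band
    )
    $ErrorActionPreference = "Stop"
    # Same zipdeploy lookup the publishing script performs.
    $pubProfile = [xml](Get-Content -Raw -Path $PubProfileFilePath)
    $zipProfile = $pubProfile.publishData.publishProfile |
        Where-Object { $_.publishMethod -eq "zipdeploy" }
    if (-not $zipProfile) { throw "No zipdeploy profile found in $PubProfileFilePath" }

    # Compare the package hash with the expected value when one was supplied.
    $hash = (Get-FileHash -Path $ZipFilePath -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and $hash -ne $ExpectedSha256) {
        throw "Package SHA-256 $hash does not match the expected value"
    }

    # List the #{NAME}# tokens present in the package's root index.html, if any.
    $tokens = @()
    $zip = [System.IO.Compression.ZipFile]::OpenRead((Resolve-Path $ZipFilePath).Path)
    try {
        $entry = $zip.Entries | Where-Object { $_.FullName -eq "index.html" }
        if ($entry) {
            $reader = New-Object System.IO.StreamReader($entry.Open())
            try { $html = $reader.ReadToEnd() } finally { $reader.Dispose() }
            $tokens = [regex]::Matches($html, '#\{[A-Z_]+\}#') |
                ForEach-Object { $_.Value } | Sort-Object -Unique
        }
    } finally { $zip.Dispose() }

    [pscustomobject]@{
        DeployUrl    = "https://$($zipProfile.publishUrl)/api/zipdeploy"
        ZipSha256    = $hash
        Placeholders = @($tokens)
    }
}

# Constructed sample inputs (not a real publish profile, credential, or package).
$d = Join-Path ([IO.Path]::GetTempPath()) (New-Guid)
New-Item -ItemType Directory -Path $d | Out-Null
'<publishData><publishProfile publishMethod="ZipDeploy" publishUrl="example.scm.azurewebsites.net" userName="user" userPWD="x"/></publishData>' | Set-Content "$d\p.xml"
'<script>var clientId = "#{CLIENT_ID}#";</script>' | Set-Content "$d\index.html"
Compress-Archive -Path "$d\index.html" -DestinationPath "$d\pkg.zip"
Test-ScimPublishInput -PubProfileFilePath "$d\p.xml" -ZipFilePath "$d\pkg.zip"
Remove-Item -Recurse -Force $d
```

Each token listed under Placeholders corresponds to an optional parameter of the publishing script (for example, #{CLIENT_ID}# to -client_id); a token left without a value is deployed unreplaced.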
