After you have published the EmpowerID SCIM Microservice app to Azure, you need to return to Azure to do the following post-publishing steps:
Turn on System-assigned managed identity for the App Service
Assign to the identity root level permissions to the App Service
...
Log in to your Azure portal as an administrator and navigate to your App Service.
Under Settings in the sidebar of the App Service, click Identity.
On the Azure navbar, click App registrations.
On the Identity page, click the System assigned tab and toggle Status to On.
Copy the Object ID. The Object ID is the ID of the service principal created when the System assigned managed identity feature is enabled. You need to assign to the service principal root level permissions to the App Service as shown below.
...
In Azure navigate to Management groups.
Click the details link beside Tenant Root Group.
On the tenant root page, click Access Control (IAM) in the sidebar.
On the Access Control (IAM) page, click Add and then select Add role assignment.
In the Add role assignment pane that appears, click Select a role and then select Owner.
Search for and select the App Service you deployed to the tenant.
Save the role assignment.
Navigate to Azure Active Directory.
In Azure Active Directory, select Roles and administrators (Preview) from the sidebar.
Enter Global administrator in the search field and then select the Global administrator role.
On the Global administrator | Assignments page, click Add assignments.
In the Add assignments pane that appears, search for the App Service and then click the tile for the service to select it.
Click Add.
The SCIM App service now has the global administrator role for the tenant. The next step is to connect EmpowerID to Azure AD.
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
|