After you have published the EmpowerID SCIM microservice app to Azure, return to Azure to complete the following post-publishing steps:
Turn on System-assigned managed identity for the App Service
Assign root-level permissions to the App Service identity
Assign the App Service to the Global Administrator role for the tenant
These steps ensure that EmpowerID has the appropriate authentication and access to read and write the user information for your Azure tenant.
...
Turn on System-assigned managed identity for the App Service
Log in to your Azure portal as an administrator and navigate to your App Service.
Under Settings in the sidebar of the App Service, click Identity.
On the Azure navbar, click App registrations.
On the Identity page, click the System assigned tab and toggle Status to On.
Copy the Object ID. The Object ID is the ID of the service principal created when the System assigned managed identity feature is enabled. You need to assign this service principal root-level permissions, as shown below.
...
Assign root-level permissions to the App Service identity
In Azure, navigate to Management groups.
Click the details link beside Tenant Root Group.
On the tenant root page, click Access Control (IAM) in the sidebar.
On the Access Control (IAM) page, click Add and then select Add role assignment.
In the Add role assignment pane that appears, click Select a role and then select Owner.
Search for and select the App Service you deployed to the tenant.
Save the role assignment.
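A check to run after saving the assignment, as an added example that is not part of the original page or EmpowerID's own tooling: it reads JSON shaped like the output of `az role assignment list` for the Tenant Root Group scope, confirms that Owner went to the Object ID copied earlier, and lists any other principal holding Owner there. The GUIDs and sample records are constructed placeholders, and the scope format assumes the Tenant Root Group ID equals the tenant ID (the Azure default).

```python
import json

# Constructed placeholders (not values from the page). The Tenant Root Group ID
# is assumed to equal the tenant ID, which is the Azure default.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
ROOT_SCOPE = f"/providers/Microsoft.Management/managementGroups/{TENANT_ID}"
EXPECTED_OBJECT_ID = "1111aaaa-1111-1111-1111-111111111111"  # Object ID from the Identity page

# Constructed sample shaped like: az role assignment list --scope <ROOT_SCOPE> -o json
SAMPLE_JSON = json.dumps([
    {"principalId": EXPECTED_OBJECT_ID.upper(), "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": ROOT_SCOPE.upper() + "/"},
    {"principalId": "2222bbbb-2222-2222-2222-222222222222", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": ROOT_SCOPE},
    {"principalId": "3333cccc-3333-3333-3333-333333333333", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": ROOT_SCOPE},
    {"principalId": "4444dddd-4444-4444-4444-444444444444", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner", "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
])

def normalize_scope(scope):
    """Azure resource IDs are case-insensitive; ignore case and a trailing slash."""
    return scope.rstrip("/").lower()

def audit_root_owner(assignments, root_scope, expected_object_id):
    """Return (expected_present, others) for Owner assignments at the root scope.

    others is a sorted list of (principalId, principalType) for every principal
    other than the expected one that holds Owner at the Tenant Root Group.
    """
    root = normalize_scope(root_scope)
    expected = expected_object_id.lower()
    present, others = False, []
    for a in assignments:
        if a.get("roleDefinitionName") != "Owner":
            continue  # only Owner is assigned in this procedure
        if normalize_scope(a.get("scope", "")) != root:
            continue  # narrower scopes (subscriptions, resource groups) are out of scope here
        pid = a.get("principalId", "").lower()
        if pid == expected:
            present = True
        else:
            others.append((pid, a.get("principalType", "Unknown")))
    return present, sorted(others)

if __name__ == "__main__":
    present, others = audit_root_owner(json.loads(SAMPLE_JSON), ROOT_SCOPE, EXPECTED_OBJECT_ID)
    print("expected identity holds Owner at root:", present)
    for pid, ptype in others:
        print("other Owner at root:", pid, ptype)
```

To run it against a real tenant, replace `SAMPLE_JSON` with the JSON text the CLI prints and set `TENANT_ID` and `EXPECTED_OBJECT_ID` to your own values.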
...