After you have published the EmpowerID SCIM microservice app to Azure, you need to return to Azure and do the following post-publishing steps:

  • Turn on System-assigned managed identity for the App service

  • Assign the SCIM App service root level permissions for the Tenant Root Group

  • Assign the App service to the Global Administrator role for the tenant

    These steps ensure that EmpowerID has the appropriate authentication and access to read and write the user information for your Azure tenant.

    Turn on System-assigned managed identity for the App Service

  • Log in to your Azure portal as an administrator and navigate to your App service.

  • Under Settings in the sidebar of the App service, click Identity.

  • On the Identity page, click the System assigned tab, toggle Status to On and then click Save.

  • Click Yes when prompted to confirm that you want to enable system assigned managed identity.

  • Copy the Object ID. The Object ID is the ID of the service principal created when the System assigned managed identity feature is enabled.

  • Next, assign the App service root level permissions for the Tenant Root Group as shown below.

    Assign the App service root level permissions for the Tenant Root Group

    1. In Azure, navigate to Management groups.

    2. Click the details link beside Tenant Root Group.

    3. On the tenant root page, click Access Control (IAM) in the sidebar.

    4. On the Access Control (IAM) page, click Add and then select Add role assignment.

    5. In the Add role assignment pane that appears, click Select a role and then select Owner.

    6. Search for and select the App service you deployed to the tenant.

    7. Save the role assignment.
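
A check for the role assignment saved above, as an added example that is not part of the original EmpowerID documentation: it confirms that the Object ID copied from the Identity page holds Owner at the Tenant Root Group scope and lists other principals with Owner at that scope. It assumes input in the shape returned by `az role assignment list --scope <Tenant Root Group scope> --output json`; the function name is hypothetical and the GUIDs are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az role assignment list --output json`;
# the GUIDs are placeholders, not values from the page.
OBJECT_ID = "11111111-1111-1111-1111-111111111111"   # Object ID copied from the Identity page
ROOT_GROUP = "00000000-0000-0000-0000-000000000000"  # Tenant Root Group ID
SAMPLE = json.dumps([
    {"principalId": OBJECT_ID, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Owner",
     "scope": "/providers/Microsoft.Management/managementGroups/" + ROOT_GROUP},
    {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User",
     "roleDefinitionName": "Owner",
     "scope": "/providers/Microsoft.Management/managementGroups/" + ROOT_GROUP},
    {"principalId": OBJECT_ID, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor",
     "scope": "/subscriptions/33333333-3333-3333-3333-333333333333"},
])


def check_root_owner(assignments_json, object_id, root_group_id):
    """Report whether object_id holds Owner at the Tenant Root Group scope.

    Returns a dict: ok (bool), other_root_owners (principal IDs to review),
    and extra_assignments ((role, scope) pairs the identity holds elsewhere).
    """
    root = f"/providers/Microsoft.Management/managementGroups/{root_group_id}".lower()
    result = {"ok": False, "other_root_owners": [], "extra_assignments": []}
    for a in json.loads(assignments_json):
        pid = (a.get("principalId") or "").lower()
        role = a.get("roleDefinitionName") or ""
        scope = (a.get("scope") or "").rstrip("/").lower()  # ARM scopes compare case-insensitively
        at_root_owner = role == "Owner" and scope == root
        if pid == object_id.lower():
            if at_root_owner and a.get("principalType") == "ServicePrincipal":
                result["ok"] = True
            else:
                result["extra_assignments"].append((role, a.get("scope") or ""))
        elif at_root_owner:
            result["other_root_owners"].append(a.get("principalId") or "")
    return result


if __name__ == "__main__":
    print(check_root_owner(SAMPLE, OBJECT_ID, ROOT_GROUP))
```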

    Assign the App Service to the Global Administrator role for the tenant

    1. Navigate to Azure Active Directory.

    2. In Azure Active Directory, select Roles and administrators (Preview) from the sidebar.

    3. Enter Global administrator in the search field and then select the Global administrator role.

    4. On the Global administrator | Assignments page, click Add assignments.

    5. In the Add assignments pane that appears, search for the App Service and then click the tile for the service to select it.

    6. Click Add.

    The SCIM App service now has the global administrator role for the tenant. The next step is to connect EmpowerID to Azure AD.