The SCIM Microservice interfaces with EmpowerID and Azure to execute Azure AD operations in response to your actions in EmpowerID. For this to occur, the app service hosting the SCIM microservice needs to be configured so that it can authenticate to Azure AD and receive identity and access tokens with the necessary permissions to call the relevant Graph and Azure API endpoints on your behalf.

To configure Azure AD auth for the SCIM app service, you will need to do the following:

  • Turn on app service authentication and enable Login with Azure Active Directory

  • Select Azure Active Directory as the Identity Provider

  • Add the information you copied from the service principal application you registered in Azure AD to the app service

  • Create a system assigned managed identity for the app service

Configure Azure AD Auth for the app service

  1. Log in to your Azure portal as a user with the necessary permissions to configure the SCIM app service you created earlier.

  2. In Azure, navigate to the SCIM app service.

  3. On the navbar, under Settings, select Authentication / Authorization (classic) and turn on App Service Authentication.

  4. Under Action to take when request is not authenticated, select Log in with Azure Active Directory.

  5. Under Authentication Providers, click Azure Active Directory.

  6. Under Management mode, select Advanced.

  7. Enter the following information for the Advanced mode settings:

    • Client ID: Enter the Client ID for the service principal you registered earlier for EmpowerID.

    • Issuer Url: Enter https://login.microsoftonline.com/<TenantID>, where <TenantID> is the TenantID of the application you registered in Azure AD for EmpowerID.

    • Client Secret: Enter the client secret for the application you registered in Azure AD for EmpowerID.

    • Allowed Token Audience: Enter the App Service URL.

      The settings should look similar to the below image:

  8. Click OK to close the Active Directory Authentication dialog.

  9. Back in the main Authentication / Authorization page, click Save.

  10. Under Settings, select Identity.

  11. Turn on system assigned managed identity and click Save.

  12. Copy the Object ID for the System assigned managed identity. You use this when you create and configure the API Management service for the SCIM VDS.

  13. Back in the Overview page for the App Service, click Get Publish Profile. You will need this file when you publish the SCIM Microservice to Azure.
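
After saving, the result of steps 3 to 11 can be checked against exported settings. The following is an added example, not part of the EmpowerID documentation: it assumes the settings were exported as JSON with the classic auth property names (as printed by az webapp auth show and az webapp identity show), and the tenant ID, URL and GUIDs in it are constructed sample values.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def _norm(url):
    """Compare URLs case-insensitively and without a trailing slash."""
    return (url or "").rstrip("/").lower()

def audit_scim_auth(auth, identity, tenant_id, app_url):
    """Compare exported settings with the procedure; return a list of findings."""
    findings = []
    # Property names below are assumed to follow the classic auth settings export.
    if auth.get("enabled") is not True:
        findings.append("App Service Authentication is not turned on")
    if auth.get("unauthenticatedClientAction") != "RedirectToLoginPage":
        findings.append("unauthenticated requests are not sent to Azure AD login")
    if auth.get("defaultProvider") != "AzureActiveDirectory":
        findings.append("Azure Active Directory is not the identity provider")
    if not GUID.match(auth.get("clientId") or ""):
        findings.append("Client ID is missing or malformed")
    if not (auth.get("clientSecret") or auth.get("clientSecretSettingName")):
        findings.append("no client secret is configured")
    expected_issuer = f"https://login.microsoftonline.com/{tenant_id}"
    if _norm(auth.get("issuer")) != _norm(expected_issuer):
        findings.append("Issuer Url does not match the expected tenant")
    audiences = [_norm(a) for a in auth.get("allowedAudiences") or []]
    if urlparse(app_url).scheme != "https" or audiences != [_norm(app_url)]:
        findings.append("Allowed Token Audience is not the App Service URL")
    if "SystemAssigned" not in (identity.get("type") or "") or not identity.get("principalId"):
        findings.append("system assigned managed identity is not enabled")
    return findings

# Constructed sample values, not taken from any real tenant or app service.
TENANT = "11111111-2222-3333-4444-555555555555"
APP_URL = "https://scim-example.azurewebsites.net"
GOOD_AUTH = {"enabled": True, "unauthenticatedClientAction": "RedirectToLoginPage",
             "defaultProvider": "AzureActiveDirectory",
             "clientId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
             "clientSecretSettingName": "SCIM_CLIENT_SECRET",
             "issuer": f"https://login.microsoftonline.com/{TENANT}/",
             "allowedAudiences": [APP_URL]}
GOOD_IDENTITY = {"type": "SystemAssigned",
                 "principalId": "66666666-7777-8888-9999-000000000000"}
# A drifted configuration: anonymous access allowed, multi-tenant issuer, no audience.
BAD_AUTH = dict(GOOD_AUTH, unauthenticatedClientAction="AllowAnonymous",
                issuer="https://login.microsoftonline.com/common", allowedAudiences=[])
BAD_IDENTITY = {"type": "None", "principalId": None}

if __name__ == "__main__":
    for finding in audit_scim_auth(BAD_AUTH, BAD_IDENTITY, TENANT, APP_URL):
        print("FINDING:", finding)
```

An empty list means the exported settings match the values entered in the procedure.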
