The EmpowerID SCIM Microservice interfaces with EmpowerID and Azure to perform Azure AD operations in response to your actions in EmpowerID. This includes inventorying your Azure AD tenant and executing CRUD operations initiated in EmpowerID. For this to occur, the App service needs to be configured as follows:
App service authentication must be turned on
Login with Azure Active Directory must be enabled for unauthenticated requests to the App service
Azure Active Directory must be selected as the Identity Provider
Information about the Web application (service principal) you Register an application for EmpowerID in Azure AD must be added to the Azure App service
To configure the Azure App Service
Log in to your Azure portal as a user with the necessary permissions to configure the App service you created earlier.
In Azure, navigate to the App Service.
Under Settings in the sidebar, select Authentication / Authorization.
Turn on App Service Authentication.
Under Action to take when request is not authenticated, select Log in with Azure Active Directory.
Under Authentication Providers, click Azure Active Directory.
Under Management mode, select Advanced.
Enter the following information for the Advanced mode settings:
Client ID — Enter the Client ID for the registered earlier for EmpowerID.
Issuer Url — Enter https://login.microsoftonline.com/<TenantID>, where <TenantID> is the TenantID of the application you registered in Azure AD for EmpowerID.
Client Secret — Enter the client secret for the application you registered in Azure AD for EmpowerID.
Allowed Token Audience — Enter the App Service URL.
The settings should look similar to the below image:
Click OK to close the Active Directory Authentication dialog.
Back in the main Authentication / Authorization page, click Save.
Back in the Overview page for the App Service, click Get Publish Profile. You will need this file when you run the Publish the EmpowerID SCIM Microservice to Azure in EmpowerID.
