You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Create an API Management Service

The SCIM VDS uses an API Management Service to intercept and route all API call to the SCIM VDS App Service. The below steps walk you through the steps need to create and configure the service.

You need the Object ID for the SCIM VDS App Service to configure the API Management Service.

  1. Log in to your Azure portal and navigate to the SCIM App Service you created earlier.

  2. Under API on the Azure navbar, click API Management.

  3. Click Create new.

     

  4. Enter your Organization name, select the appropriate Pricing tier and click Create.

     

  5. After Azure creates the service, click Go to API Management.

     

  6. On the API Management Service page, select APIs from the Azure sidebar.

  7. From the Add a new API pane, select App Service.

     

  8. Select the SCIM App Service you created earlier. The API Management Service will forward all requests to this App Service.

     

  9. After Azure creates the API Management service, click the Policy Code Editor button in the Inbound processing pane to open the editor.

     

  10. Edit the policy, adding the following code under the set-backend-service node. This code instructs the API Management Service to do the following:

    • Check for the existence of the Bearer token before routing the API call to the SCIM App Service. If the token is not present, the service sends a 401 error. This token string can be any random value that is less than 1024 bytes. Replace the value shown below with your own.

    • Add the Object ID of the system assigned managed identity for the SCIM App Service. Replace the value shown with the Object ID for your environment.

      <check-header name="Authorization" failed-check-httpcode="401" failed-check-error-message="Not authorized from the API Management Service" ignore-case="false"> <value>Bearer RkZBOTEzQTgtNzk5My00NUY3LTlGRkE5MTNBOC03OTkzLTQ1RjctOTZCNy02MzJFMDE0RkY4NEQ2QjctNjMyRTAxNEZGODRESw==</value> </check-header> <authentication-managed-identity resource="e08091bf-3439-4548-b64d-8c4bd9e573ae" />

       

  11. Click Save to save your changes.


Next Steps

Deploy the SCIM Microservice