You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Publish the Azure AD SCIM Microservice to Azure

After you create and configure an app service for the Azure AD SCIM microservice, you need to publish the microservice to your app service to make API calls to Azure AD. EmpowerID provides two methods for doing so:

  1. You can publish the microservice using the SCIM Microservice Publishing workflow.

  2. You can publish the microservice using the PowerShell script included in this article.

Publishing the microservice using PowerShell requires you to have the appropriate ZIP file for the microservice. Please contact EmpowerID for the file if you do not have it.

Publish the microservice using the SCIM Microservice Publishing workflow

  1. Log in to EmpowerID as a person with the necessary access to initiate the SCIM Microservice Publishing workflow.

  2. On the navbar, expand Azure License Manager and click Configuration.

  3. Select the Tenants tab and then click the Publish Azure App Service action link.

  4. For Application Type select Microservices and then click SUBMIT.

  5. For Microservice Application select Azure AD SCIM Microservice v5 and then click SUBMIT.

  6. Click Choose File and browse for the SCIM App Service Publisher Profile Settings file you downloaded from Azure.

  7. Once you have selected the file, click Submit.

  8. Click Yes to confirm that you want to publish the Azure AD SCIM Microservice and then click OK to close the publish results message.

The Azure AD SCIM Microservice is now published to your app service. The next step is to set permissions for the managed identity used by the App Service.

Publish the microservice using PowerShell

  1. Copy the PowerShell script below into the text editor of your choice.

    # $pubProfileFilePath - path to the SCIM App Service Publisher Profile Settings file downloaded from Azure
    # $zipFilePath        - path to the microservice ZIP file received from EmpowerID
    # Remaining parameters are optional values substituted for the #{...}# tokens in index.html
    param(
        $pubProfileFilePath
        ,$zipFilePath
        ,$authority_url = $null
        ,$client_id = $null
        ,$scope = $null
        ,$api_url = $null
        ,$base_eid_url = $null
    )
    
    $ErrorActionPreference = "Stop"
    
    # Load the publish profile and select the ZipDeploy entry
    $pubProfile = [xml](Get-Content $pubProfileFilePath)
    $zipPubProfile = $pubProfile.publishData.publishProfile | Where-Object { $_.publishMethod -eq "zipdeploy" }
    if($null -eq $zipPubProfile){
        throw "No zipdeploy publish profile found in $pubProfileFilePath"
    }
    
    # Build the Basic authentication value and the deployment endpoints from the profile
    $userAgent = "powershell/1.0"
    $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $zipPubProfile.userName, $zipPubProfile.userPWD)))
    $zipdeployUrl = "https://$($zipPubProfile.publishUrl)/api/zipdeploy"
    $deploymentsUrl = "https://$($zipPubProfile.publishUrl)/api/deployments"
    
    # Work on a temporary copy of the package
    $tempDir = [System.IO.Path]::GetTempPath() + $(New-Guid)
    $tempZipFile = $tempDir + ".zip"
    
    try {
        [System.IO.Directory]::CreateDirectory($tempDir) | Out-Null
        Expand-Archive -Path $zipFilePath -DestinationPath $tempDir
    
        # Replace each configuration token in index.html for which a value was supplied
        if([System.IO.File]::Exists("$tempDir\index.html")){
            $raw = [System.IO.File]::ReadAllText("$tempDir\index.html")
            $edited = $false
    
            if($raw.Contains("#{AUTHORITY_URL}#") -and ![String]::IsNullOrWhiteSpace($authority_url)){
                $raw = $raw.Replace("#{AUTHORITY_URL}#", $authority_url)
                $edited = $true
            }
    
            if($raw.Contains("#{CLIENT_ID}#") -and ![String]::IsNullOrWhiteSpace($client_id)){
                $raw = $raw.Replace("#{CLIENT_ID}#", $client_id)
                $edited = $true
            }
    
            if($raw.Contains("#{SCOPE}#") -and ![String]::IsNullOrWhiteSpace($scope)){
                $raw = $raw.Replace("#{SCOPE}#", $scope)
                $edited = $true
            }
    
            if($raw.Contains("#{API_URL}#") -and ![String]::IsNullOrWhiteSpace($api_url)){
                $raw = $raw.Replace("#{API_URL}#", $api_url)
                $edited = $true
            }
    
            if($raw.Contains("#{BASE_EID_URL}#") -and ![String]::IsNullOrWhiteSpace($base_eid_url)){
                $raw = $raw.Replace("#{BASE_EID_URL}#", $base_eid_url)
                $edited = $true
            }
    
            if($edited -eq $true){
                [System.IO.File]::WriteAllText("$tempDir\index.html", $raw)
            }
        }
    
        # Repackage and upload to the app service's zipdeploy endpoint
        Compress-Archive -Path $tempDir\* -DestinationPath $tempZipFile
        Invoke-RestMethod -Uri $zipdeployUrl -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -UserAgent $userAgent -Method Post -InFile $tempZipFile
    }
    finally {
        # Remove the temporary copies even when extraction or upload fails
        if([System.IO.Directory]::Exists($tempDir)){ [System.IO.Directory]::Delete($tempDir, $true) }
        if([System.IO.File]::Exists($tempZipFile)){ [System.IO.File]::Delete($tempZipFile) }
    }
    
    # List the deployments to confirm the result
    Invoke-RestMethod -Uri $deploymentsUrl -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -UserAgent $userAgent -Method Get

  2. Set the values of the following two parameters:

    • $pubProfileFilePath – Enter the path to the SCIM App Service Publisher Profile Settings file you downloaded from Azure.

    • $zipFilePath – Enter the path to the ZIP file for the microservice you received from EmpowerID.

  3. Open an administrative PowerShell session and execute the script.

The Azure AD SCIM Microservice is now published to your app service. The next step is to set permissions for the managed identity used by the App Service.
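The publishing script skips any `#{...}#` token in index.html for which no value was passed, so the token is deployed as a literal. The following pre-flight check is an added example, not part of EmpowerID's guide or code: it confirms the publish profile has a zipdeploy entry and lists the tokens that would go unreplaced. The function name `Test-ScimPublishInputs`, its `$Values` hashtable (keyed by token name) and the sample publish profile and ZIP are hypothetical and constructed for illustration.

```powershell
# Added example, not EmpowerID code. Test-ScimPublishInputs and all sample data are hypothetical.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-ScimPublishInputs {
    param([string]$PubProfileFilePath, [string]$ZipFilePath, [hashtable]$Values = @{})

    # Same selection the publishing script makes: the entry whose publishMethod is "zipdeploy".
    $zipProfile = ([xml](Get-Content -Raw $PubProfileFilePath)).publishData.publishProfile |
        Where-Object { $_.publishMethod -eq "zipdeploy" }

    # Read index.html straight from the archive, without extracting it to disk.
    $html = ""
    $zip = [System.IO.Compression.ZipFile]::OpenRead($ZipFilePath)
    try {
        $entry = $zip.Entries | Where-Object { $_.FullName -eq "index.html" }
        if ($entry) {
            $reader = New-Object System.IO.StreamReader($entry.Open())
            try { $html = $reader.ReadToEnd() } finally { $reader.Dispose() }
        }
    }
    finally { $zip.Dispose() }

    # A token with no supplied value is skipped by the script and ships as a literal.
    $tokens = @([regex]::Matches($html, '#\{([A-Z_]+)\}#') |
        ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique)
    $unreplaced = @($tokens | Where-Object { [string]::IsNullOrWhiteSpace($Values[$_]) })

    [pscustomobject]@{
        HasZipDeployProfile = [bool]$zipProfile
        PublishUrl          = $zipProfile.publishUrl
        UnreplacedTokens    = $unreplaced
    }
}

# Constructed sample inputs so the check runs offline.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) (New-Guid)
New-Item -ItemType Directory -Path $dir | Out-Null
$html = Join-Path $dir "index.html"
$zipPath = Join-Path $dir "app.zip"
$pub = Join-Path $dir "app.PublishSettings"
Set-Content $html '<script>var c = "#{CLIENT_ID}#", a = "#{API_URL}#";</script>'
Compress-Archive -Path $html -DestinationPath $zipPath
Set-Content $pub '<publishData><publishProfile publishMethod="ZipDeploy" publishUrl="example.scm.azurewebsites.net" userName="placeholder" userPWD="placeholder" /></publishData>'

Test-ScimPublishInputs $pub $zipPath @{ CLIENT_ID = "00000000-0000-0000-0000-000000000000" }
Remove-Item -Recurse -Force $dir
```

The publish profile carries the userName and userPWD that the script sends as Basic authentication, so store the file like any other credential.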


Next Steps

Set Permissions for the managed identity used by the app service

Connect EmpowerID to Azure AD