To access resources secured by your Azure AD tenant, the Azure AD SCIM microservice needs to be represented within the tenant by a security principal. The security principal is an application you create in your tenant to provide the necessary authentication context needed by the microservice to call the Microsoft Graph API.
EmpowerID uses the Azure AD SCIM Microservice to make API calls to your Azure tenant in response to your actions in EmpowerID. As part of the deployment process for the microservice, an app service needs to be created to host the microservice and configured for Azure AD authentication, as well as with a managed identity that can be granted permissions to access resources protected by Azure AD.