Create a Function app to Update User Profiles

As part of the deployment process for the SPO microservice, you need to create a Function app in Azure that EmpowerID uses to update SharePoint user profiles. Before creating the app, create a secret in the key vault you created earlier; you add that information when setting up the Function app. After you create the secret, create the Function app with the appropriate settings and grant it access to the secret in the key vault through an access policy.

The value of the secret must be the username and password of an admin user of the SharePoint tenant who has the global admin role in that tenant. The secret must be formatted as username:password.

Step 1 – Create the secret for the Function app

  1. Navigate to the key vault you created earlier.

  2. On the navbar for the key vault, under Settings, click Secrets.

  3. On the Secrets page, click Generate/Import.

  4. On the Create a secret blade, do the following to create the secret:

    1. Name – Enter SPOAdminUser.

    2. Value – Enter the secret value in username:password format, such as spoadminuser@<YourAzureTenant>:TestPass123.

    3. Click Create.

       

  5. Back on the Secrets blade, click the record for the secret.

  6. Click the Current Version to go to the Properties blade for the secret.

     

  7. On the Properties blade, copy the Secret Identifier. You will use this value later.

     

Next, create the Function app as shown below.

Step 2 – Create the Function app

  1. In Azure, navigate to All Services > Function App and create a new Function app.

  2. Under Project Details, select a Subscription and then create a Resource Group for the app.

  3. Under Instance Details, enter the following information:

    • Name – Enter SPOUpdateUserProfileProperties

    • Publish – Select Code

    • Runtime Stack – Select .NET

    • Version – 3.1

    • Region – Select the appropriate region

  4. Click Review + Create.

     

  5. Take note of the Storage account created for the app and click Create.

  6. After the deployment of the Function app completes, go to the Configuration page for the function and select the Function runtime settings tab.

  7. Set the Runtime version to ~1 and save your changes.

  8. Restart the Function app.

  9. Go to the Overview page for the Function app and download the publish profile file for the app. You use this file when publishing the EmpowerID function to Azure.

     

Next, publish the EmpowerID SPO User Profile Function to Azure.

Step 3 – Publish the EmpowerID Function to Azure

  1. On the navbar in EmpowerID, expand Azure License Manager and select Configuration.

  2. On the Configuration page, select the Tenants tab and then click the Publish Azure App Service action.

     

  3. For Application Type select Azure Functions and then click Submit.

     

  4. For Azure Functions, select SPO User Profile Function and click Submit.

     

  5. Browse for and select the SPO Update User Profile Properties Function App Publisher Profile Settings file you downloaded from Azure.

  6. Once you have selected the file, click Submit.

  7. Click Yes to confirm that you want to publish the function.

     

  8. Click OK to close the publish results message.

Next, configure the Function app in Azure, as shown below.

Step 4 – Configure the Function app

  1. Back in Azure, navigate to the Configuration page for the Function app and add the following Application setting:

  2. Navigate to the Identity page for the Function app and turn on System assigned managed identity.

     

  3. Navigate to the Configuration page and copy the Value for AzureWebJobsStorage. You need this value when adding application settings to the SPO app service.

     

  4. Navigate to the Functions page and click the UpdateUserProfileProperties function.

  5. Under Developer, click Code + Test.

  6. Click Get function URL and select the master key.

  7. Copy the URL. You use this value as a configuration setting for the SPO Online app service.

Next, create an access policy in the key vault that grants the Function app key and secret permissions.

Step 5 – Create the access policy in the key vault

  1. Navigate to the Access policies page of the key vault you created earlier.

  2. Add an access policy to it with the following Key and Secret permissions.

    • Key Permissions

      • Get

      • Decrypt

      • Unwrap Key

      • Verify

    • Secret Permissions

      • Get

      • List

      • Set

      • Delete

      • Purge

  3. Select the Function app you created above as the service principal.
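
To confirm the access policy from Step 5 after saving it, the following added example (not part of the EmpowerID documentation or product) compares the policy stored on the vault against the permissions listed above and reports anything missing or extra. It assumes the JSON shape returned by `az keyvault show`; the vault name and object IDs are constructed sample values, and `audit_policy` is a hypothetical helper name.

```python
import json

# Permissions Step 5 lists for the Function app (compared case-insensitively).
EXPECTED = {
    "keys": {"get", "decrypt", "unwrapkey", "verify"},
    "secrets": {"get", "list", "set", "delete", "purge"},
}

def audit_policy(vault, principal_id):
    """Return {kind: {"missing": [...], "extra": [...]}} for one identity.

    `vault` is the parsed output of `az keyvault show` (assumed shape);
    `principal_id` is the object ID of the Function app's system-assigned
    managed identity. Returns None when the identity has no access policy.
    """
    policies = vault.get("properties", {}).get("accessPolicies") or []
    entry = next((p for p in policies
                  if p.get("objectId", "").lower() == principal_id.lower()), None)
    if entry is None:
        return None
    perms = entry.get("permissions") or {}
    report = {}
    for kind in ("keys", "secrets", "certificates", "storage"):
        granted = {p.lower() for p in (perms.get(kind) or [])}
        wanted = EXPECTED.get(kind, set())
        report[kind] = {"missing": sorted(wanted - granted),
                        "extra": sorted(granted - wanted)}
    return report

# Constructed sample input: not real tenant data.
SAMPLE_VAULT = json.loads("""
{
  "name": "example-vault",
  "properties": {"accessPolicies": [
    {"objectId": "11111111-1111-1111-1111-111111111111",
     "permissions": {"keys": ["Get", "Decrypt", "UnwrapKey", "Verify"],
                     "secrets": ["Get", "List", "Set", "Delete", "Purge"],
                     "certificates": null}},
    {"objectId": "22222222-2222-2222-2222-222222222222",
     "permissions": {"keys": ["get", "decrypt"],
                     "secrets": ["get", "list", "set", "backup"],
                     "certificates": ["get"]}}
  ]}
}
""")

if __name__ == "__main__":
    for oid in ("11111111-1111-1111-1111-111111111111",
                "22222222-2222-2222-2222-222222222222"):
        print(oid, audit_policy(SAMPLE_VAULT, oid))
```

An empty `missing` and `extra` list for every kind means the identity holds exactly the permissions Step 5 lists.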


Next steps

Add application settings to the app service

Add secret to key vault in EmpowerID tenant

Publish the SharePoint Online Microservice
