Publish the Azure AD SCIM Microservice to Azure

Owned by
Phillip Hanegan
Last updated: Jun 21, 2022
3 min read

After you create and configure an app service for the Azure AD SCIM microservice, you need to publish the microservice to your app service to make API calls to Azure AD. EmpowerID provides two methods for doing so:

  1. You can publish the microservice using the SCIM Microservice Publishing workflow.

  2. You can publish the microservice using the PowerShell script included in this article.

Publishing the microservice using PowerShell requires you to have the appropriate ZIP file for the microservice. Please contact EmpowerID for the file if you do not have it.

Publish the microservice using the workflow

  1. Log in to EmpowerID as a person with the necessary access to initiate the SCIM Microservice Publishing workflow.

  2. On the navbar, expand Azure License Manager and click Configuration.

  3. Select the Tenants tab and then click the Publish Azure App Service action link.

     

  4. For Application Type select Microservices and then click SUBMIT.

     

  5. For Microservice Application select Azure AD SCIM Microservice v5 and then click SUBMIT.

     

  6. Click Choose File and browse for the SCIM App Service Publisher Profile Settings file you downloaded from Azure.

     

  7. Once you have selected the file, click Submit.

  8. Click Vote Yes to confirm that you want to publish the Azure AD SCIM Microservice and then click Submit to close the publish results message.

The Azure AD SCIM Microservice is now published to your app service. The next step is to set permissions for the managed identity used by the App Service.

Publish the microservice using PowerShell

  1. Copy the below PowerShell script into the text editor of your choice and save it as zipdeploy_appService.ps1.

    param( $pubProfileFilePath ,$zipFilePath ) $ErrorActionPreference = "Stop" $pubProfile = [xml](gc $pubProfileFilePath) $zipPubProfile = $pubProfile.publishData.publishProfile | where { $_.publishMethod -eq "zipdeploy" } $userAgent = "powershell/1.0" $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $zipPubProfile.userName, $zipPubProfile.userPWD))) $zipdeployUrl = "https://$($zipPubProfile.publishUrl)/api/zipdeploy" $deploymentsUrl = "https://$($zipPubProfile.publishUrl)/api/deployments" Invoke-RestMethod -Uri $zipdeployUrl -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -UserAgent $userAgent -Method Post -InFile $zipFilePath Invoke-RestMethod -Uri $deploymentsUrl -Headers @{Authorization=("Basic {0}" -f $base64AuthInfo)} -UserAgent $userAgent -Method Get

     

  2. Open an administrative PowerShell session.

  3. Navigate to the directory where you saved the script and execute the script, passing in the values of the pubProfilePath and zipFilePath parameters via the command line, where the value of pubProfilePath is the path to the SCIM App Service Publisher Profile Settings file you downloaded from Azure, and the value of zipFilePath is the path to the microservice ZIP file you received from EmpowerID.

    The command to execute the script should look similar to that shown in the below image.

     

If the command executes successfully, you should see output similar to that shown below.

The Azure AD SCIM Microservice is now published to your app service. The next step is to set permissions for the managed identity used by the App Service.

IN THIS ARTICLE

Next Steps

Set Permissions for the managed identity used by the app service

Connect EmpowerID to Azure AD

Â