Azure AD PowerShell V2 Microservice
This article explains how to deploy the Azure PowerShell V2 microservice through Terraform templates and authenticate it with the Azure AD SCIM Microservice. The target audience for this guide includes EmpowerID DevOps and support team members, as well as Azure/EmpowerID administrators on the client side.
The following Azure components will be deployed using the Terraform script:
Resource Group (New)
Azure App Service Plan (P1v2)
Azure App Service (with System Managed Identity)
App Registration (for App Service authentication)
Azure Key Vault (for securing secrets)
Additional App Registration and Service Principal (for Azure Graph API permissions)
Prerequisites
Before installation, make sure you have the following prerequisites:
Azure AD SCIM Microservice
Azure Storage account
Clients should obtain the necessary files for setup from their respective EmpowerID support agent.
Procedure
Retrieve Terraform Template:
Download the Terraform template from the repository at <https://empowerid.visualstudio.com/_git/EID-Infrastructure?path=/terraform_new/templates/AzPowershellV2>.
Configure Terraform Backend:
Edit the main.tf file to include the following configuration:

    backend "azurerm" {
      use_azuread_auth     = true
      subscription_id      = "<Your Subscription ID>"
      tenant_id            = "<Your Azure Tenant ID>"
      resource_group_name  = "<Your Resource Group Name>"
      storage_account_name = "<Your Storage Account Name>"
      container_name       = "<Your Storage Container Name>"
      key                  = "terraform.azv2.tfstate"
    }

Set Terraform Variables:
Modify the terraform.tfvars file with these details:

    azure_region    = "<Region to deploy the Microservice>"
    client_code     = "<Client Name>"
    env_code        = "<Client Environment>"
    region_code     = "<Region code>"
    Subscription_ID = "<Your Subscription ID>"
    Tenant_ID       = "<Your Azure Tenant ID>"

Initialize and Deploy with Terraform:
Open PowerShell in the directory containing the main.tf file and execute the following commands sequentially:

    terraform init

to initialize the Terraform environment and modules.

    terraform plan

to review the deployment plan.

    terraform apply

to execute the deployment of the Microservice.
Configure Authentication:
After deploying the microservice, modify the Azure AD SCIM Microservice configuration to authenticate with the Azure PowerShell V2 Microservice by adding the following settings:

    name: "AzureADLogin"
    value: "https://login.microsoftonline.com/"

    name: "AzureADPowershellV2AppID"
    value: "<Azure PowerShell V2 Microservice Application ID>"

    name: "AzureADPowershellV2CertificateName"
    value: "<Azure PowerShell V2 Microservice Authentication Certificate Name>"

    name: "AzureADPowershellV2TenantID"
    value: "<Azure PowerShell V2 Microservice Tenant ID>"

    name: "AzureADPowershellV2URL"
    value: "<Azure PowerShell V2 Microservice URL>/services/v1/pshell/"

    name: "AzureADPowershellV2VaultUrl"
    value: "<Azure PowerShell V2 Microservice Key Vault URL>"

Upload Artifacts:
Follow the artifacts deployment documentation to upload the necessary files to your web application.
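
One way to script the "Initialize and Deploy with Terraform" step so that the plan you reviewed is the plan that gets applied, and so that a template with unfilled values is never deployed. This is an added example, not EmpowerID's own tooling; the placeholder pattern and the plan file name azv2.tfplan are assumptions.

```powershell
# Added example (not EmpowerID code). Run from the directory containing main.tf.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Assumption: unfilled template values still look like "<Your Subscription ID>".
$unfilled = Select-String -Path 'main.tf', 'terraform.tfvars' -Pattern '"<[^">]+>"'
if ($unfilled) {
    $unfilled | ForEach-Object {
        Write-Warning "$($_.Filename):$($_.LineNumber) $($_.Line.Trim())"
    }
    throw 'Replace the placeholder values before deploying.'
}

# Run terraform and stop the script on any non-zero exit code.
function Invoke-Terraform {
    param([Parameter(Mandatory)][string[]]$Arguments)
    & terraform @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "terraform $($Arguments -join ' ') exited with code $LASTEXITCODE"
    }
}

$planFile = 'azv2.tfplan'   # hypothetical file name
try {
    Invoke-Terraform -Arguments 'init', '-input=false'
    Invoke-Terraform -Arguments 'validate'
    # Save the plan so that apply executes exactly what was reviewed.
    Invoke-Terraform -Arguments 'plan', '-input=false', "-out=$planFile"

    if ((Read-Host 'Apply this exact plan? Type yes to continue') -eq 'yes') {
        Invoke-Terraform -Arguments 'apply', '-input=false', $planFile
    }
}
finally {
    # A saved plan can contain sensitive values, so do not leave it on disk.
    Remove-Item $planFile -ErrorAction SilentlyContinue
}
```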