Azure AD PowerShell V2 Microservice

Owned by Phillip Hanegan
Aug 16, 2024
2 min read

This article explains how to deploy the Azure PowerShell V2 microservice through Terraform templates and authenticate it with the Azure AD SCIM Microservice. The target audience for this guide includes EmpowerID DevOps and support team members, as well as Azure/EmpowerID administrators on the client side.

The following Azure components will be deployed using the Terraform script:

  • Resource Group (New)

  • Azure App Service Plan (P1v2)

  • Azure App Service (with System Managed Identity)

  • App Registration (for App Service authentication)

  • Azure Key Vault (for securing secrets)

  • Additional App Registration and Service Principal (for Azure Graph API permissions)

Prerequisites

Before installation, make sure you have the following prerequisites:

  • Azure AD SCIM Microservice

  • Azure Storage account

Clients should obtain the necessary files for setup from their respective EmpowerID support agent.

Procedure

  1. Retrieve Terraform Template:
    Download the Terraform template from the repository at <https://empowerid.visualstudio.com/_git/EID-Infrastructure?path=/terraform_new/templates/AzPowershellV2.>

  2. Configure Terraform Backend:
    Edit the main.tf file to include the following configurations:

    backend "azurerm" { use_azuread_auth = true subscription_id = "<Your Subscription ID>" tenant_id = "<Your Azure Tenant ID>" resource_group_name = "<Your Resource Group Name>" storage_account_name = "<Your Storage Account Name>" container_name = "<Your Storage Container Name>" key = "terraform.azv2.tfstate" }

  3. Set Terraform Variables:
    Modify the terraform.tfvars file with these details:

    azure_region = "<Region to deploy the Microservice>" client_code = "<Client Name>" env_code = "<Client Environment>" region_code = "<Region code>" Subscription_ID = "<Your Subscription ID>" Tenant_ID = "<Your Azure Tenant ID>"

  4. Initialize and Deploy with Terraform:
    Open PowerShell in the directory containing the main.tf file and execute the following commands sequentially:

    • Terraform init to initialize the Terraform environment and modules.

    • Terraform plan to review the deployment plan.

    • Terraform apply to execute the deployment of the Microservice.

  5. Configure Authentication:
    After deploying the microservice, modify the Azure AD SCIM Microservice configuration to authenticate with the Azure PowerShell V2 Microservice by adding the following settings:

    name: "AzureADLogin" value: "<https://login.microsoftonline.com/>" name: "AzureADPowershellV2AppID" value: "<Azure PowerShell V2 Microservice Application ID>" name: "AzureADPowershellV2CertificateName" value: "<Azure PowerShell V2 Microservice Authentication Certificate Name>" name: "AzureADPowershellV2TenantID" value: "<Azure PowerShell V2 Microservice Tenant ID>" name: "AzureADPowershellV2URL" value: "<Azure PowerShell V2 Microservice URL>/services/v1/pshell/" name: "AzureADPowershellV2VaultUrl" value: "<Azure PowerShell V2 Microservice Key Vault URL>"

  6. Upload Artifacts:
    Follow the artifacts deployment documentation to upload the necessary files to your web application.