You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
Create an App Service for the Azure AD SCIM Microservice
EmpowerID uses the Azure AD SCIM Microservice to make API calls to your Azure tenant in response to your actions in EmpowerID. As part of the deployment process for the microservice, an app service needs to be created to host the microservice and configured for Azure AD authentication, as well as with a managed identity that can be granted permissions to access resources protected by Azure AD.
To create and configure the app service, you need to complete the following tasks:
Create the app service
Configure the app service to authenticate to Azure AD using the service principal you created earlier
Create a managed identity for the app service
Create the app service
In Azure, navigate to All Services > App services and click Create.
Under Project Details, select a Subscription and Resource Group for the App Service. If desired, you can create a new Resource Group.
Under Instance Details, do the following:
Name – Enter a name for the Web App.
Publish – Select Code.
Runtime Stack – Select .NET 6.
Operating System – Select Linux.
Region – Select the appropriate region.
Under App Service Plan, select an existing Linux Plan or create a new one.
Click Review + Create.
Click Create.
After deployment completes, click Go to Resource and copy the URL from the Overview page. You will need this when you configure the app service for the EmpowerID Azure AD SCIM Microservice.
Â
Configure authentication
Navigate to the Authentication blade for the app service and click Add identity provider.
Â
Select Microsoft.
Â
Add the following identity provider information:
App registration type – Select Pick an existing app registration in this directory.
Name or app ID – Select the service principal you created to provide Azure AD authentication for the microservice.
Issuer URL – Enter
https://login.microsoftonline.com/<Your Tenant ID>
Restrict access – Select Require authentication.
Unauthenticated requests – Select HTTP 401 Unauthorized: recommended for APIs.
Token Store – Leave selected.
Click Add.
Â
After adding the Identity provider, click the Edit link for it.
Â
Set the Issuer URL to
https://login.microsoftonline.com/<Your Tenant ID>
.Under Allowed token audiences enter the URL for the app service.
Â
Click Save.
Create a managed identity for the app service
Navigate to the Identity blade for the app service.
Turn on System assigned to create the managed identity.
Â
Click Save and then click Yes to confirm that you want to enable system assigned managed identity.
Â
Download the publish profile for the app service
Navigate to the Overview page for the app service.
Click Get publish profile and save the file to your machine. You use this file when publishing the EmpowerID Azure AD SCIM microservice to Azure.
Â
Next Steps
Publish the Azure AD SCIM Microservice to Azure
Assign Permissions to the App Service
https://dotnetworkflow.jira.com/wiki/spaces/EIDADV23/pages/2984946316
IN THIS ARTICLE
Â