We have an Azure AD protected API which is hosted on-prem. We have a requirement to call this API from a Logic App. We have currently created or registered a new client app in App Registration for this Logic App, have provided the necessary permissions, and have called the API passing the Bearer Token.
My question: is there a way we can leverage Managed Identity for the Logic App (either User Assigned or System Assigned) for calling the API?
Yes, there is. I wrote an article on the topic (though it is not specific to Logic Apps): https://joonasw.net/view/calling-your-apis-with-aad-msi-using-app-permissions.
You will need to create an appRoleAssignment that gives an application permission to your managed identity service principal. To do this, we must use PowerShell or Microsoft Graph API. With Azure AD PowerShell, we can do this:
Connect-AzureAD
New-AzureADServiceAppRoleAssignment -ObjectId $miSpId -Id $appRoleId -PrincipalId $miSpId -ResourceId $targetApiSpId
There we have 3 arguments you need to find:
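One way to look up the three values used in the command above and make the assignment, as an added example that is not part of the original answer. The display names and role value are placeholders, and it assumes the AzureAD module and that a system-assigned identity's service principal carries the Logic App's name.

```powershell
# Added example. Values in angle brackets are placeholders, not values from the page.
Connect-AzureAD

$miDisplayName  = '<logic-app-or-user-assigned-identity-name>'  # assumption
$apiDisplayName = '<target-api-app-registration-name>'          # assumption
$roleValue      = '<app-role-value-defined-on-the-api>'         # assumption

# Display names are not unique in a tenant, so insist on exactly one match
# before granting anything to the principal that was found.
function Get-SingleServicePrincipal([string]$DisplayName) {
    $found = @(Get-AzureADServicePrincipal -Filter "displayName eq '$DisplayName'")
    if ($found.Count -ne 1) {
        throw "Expected one service principal named '$DisplayName', found $($found.Count)."
    }
    return $found[0]
}

# 1. Service principal of the managed identity (the caller).
$miSp = Get-SingleServicePrincipal $miDisplayName

# 2. Service principal of the target API (the resource).
$apiSp = Get-SingleServicePrincipal $apiDisplayName

# 3. The app role on the API. It must be enabled and assignable to applications,
#    otherwise it cannot be granted to a service principal.
$role = @($apiSp.AppRoles | Where-Object {
    $_.Value -eq $roleValue -and
    $_.IsEnabled -and
    $_.AllowedMemberTypes -contains 'Application'
})
if ($role.Count -ne 1) {
    throw "Expected one enabled application role '$roleValue' on '$apiDisplayName', found $($role.Count)."
}

$miSpId        = $miSp.ObjectId
$targetApiSpId = $apiSp.ObjectId
$appRoleId     = $role[0].Id

# Same command as in the answer, now with the three arguments resolved.
New-AzureADServiceAppRoleAssignment -ObjectId $miSpId -Id $appRoleId `
    -PrincipalId $miSpId -ResourceId $targetApiSpId
```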