Showing posts with the label Azure Active Directory

Securing Logic App with Azure Active Directory authentication

Introduction

In the previous post, Securing Function App with Azure Active Directory authentication, we saw how a Function App can be secured with Azure Active Directory and how to call it. This was done by creating an AD app which acted as the Audience and was responsible for validating the access token. And because Azure Function App supports AD authentication, the Audience app can be assigned/linked to it.

So the first thought would be that the same can be done with a Logic App, so why this post? Ideally it should be possible, but it is not, because not all Azure services support Azure AD authentication, and Logic App is one of those that do not. Microsoft plans to add this support to all Azure services, but it will take some time.

So how do we use Azure Active Directory to secure a Logic App? It can be done with the help of Azure APIM, which we ask to do the task of validating the token, and the rest remains the same, i.e. whoever has to access the logic ap...

Understanding Managed Identity and using it to Call Secured function App

What is Managed Service Identity / Managed Identity

In the last post we saw how to secure a Function App with Active Directory and how to call it from another Function App. To do that from a function we used the library provided by Microsoft, i.e. Microsoft.IdentityModel.Clients.ActiveDirectory. So we needed to authenticate with AD first and then request an access token. For that we create an AD app, create a secret or add a certificate, manage secret expiry, and store the info somewhere so that we can use it in our code.

With this approach there are two problem areas:

1. We have to create/manage the AD app and the certificates/secrets associated with it.
2. We have to use credentials in our code, even if they come from app settings (where they are visible to all) or Key Vault, but to access those you need a credential to authenticate.

To avoid this, we can use the Managed Service Identity (MSI)/Managed Identity feature, and Azure will do this for us automatically. T...

Calling Active Directory Secured Function App from Logic Apps

Introduction

In the last post we saw how to secure a Function App with Active Directory and how to call it from another Function App. To do that from a function we used the library provided by Microsoft, i.e. Microsoft.IdentityModel.Clients.ActiveDirectory.

So how do we do this in a Logic App? How do we add the above library to a Logic App, and where do we write code? No code is required, as Logic App already supports Active Directory OAuth out of the box. We just need to provide the following info:

Tenant ID (Directory ID) - the authority which grants the token
Audience ID - for whom the token will be created, i.e. the target AD app's client ID
Client ID and Client Secret - the caller AD app's details, which prove the client's identity

Thus the other steps remain the same: in order to call an AD-secured app, you (the client/calling app) need to get an access token from AD, and for that you need to prove your identity with AD. And to create identity we need...