I am developing some workflows on Azure, and I need some help with setting up authentication. Here is what I am setting up:
- There are 2 tenants involved - tenant1 and tenant2
- I have a web API deployed to an App Service on a subscription tied to tenant1
- I also have a logic app on the same subscription as the web API that wants to periodically call the above API endpoints automatically
- Other than the logic apps, only users from tenant2 should be allowed to call the above web API endpoints directly
How do I use authentication using Azure AD to set this up correctly? I have tried enabling AAD authentication on the app service, and playing with managed identities to allow the logic app to access it, but logic app authentication is not working. I seem to have set things up correctly to allow the users from tenant2 to access the API though, so now I just need to get the logic apps to authenticate with it correctly. I am looking for an option that uses managed identities.
You can turn on the System-Assigned managed identity in Logic App and your Web API and then use a Logic App Action with settings of Authentication like below to call the authenticated API endpoint using Logic App:
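The HTTP action with managed identity authentication, written out as it appears in the Logic App's code view. This is an added example, not part of the original answer; the action name, URI and audience are placeholders to replace with your own values. The audience has to be one that the App Service authentication accepts for the web API; if it is omitted, the token is requested for `https://management.azure.com/` instead.

```json
{
  "Call_web_API": {
    "type": "Http",
    "inputs": {
      "method": "GET",
      "uri": "https://<placeholder-app-name>.azurewebsites.net/<placeholder-route>",
      "authentication": {
        "type": "ManagedServiceIdentity",
        "audience": "<placeholder: Application ID URI or client ID of the web API's app registration>"
      }
    },
    "runAfter": {}
  }
}
```

With the system-assigned identity no `identity` property is needed inside `authentication`; that property is only used to select a user-assigned identity by resource ID.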