2
votes

Is it possible to run a logic app or connector as a service principal, in particular under the consumption plan?

I'd guess forcing the app to run in a non-consumption plan via PowerShell might give more control over the service principal.

The reason I'd want this is to avoid an individual's account being used during an automated deployment.

The closest I thought was to wrangle https://github.com/logicappsio/LogicAppConnectionAuth to do the OAuth automagically using a service principal; however, trying similar things for Data Factory connections proved unfruitful and very time consuming, so I'd rather find out sooner than later if I'm barking up the wrong tree.

1
Which connector are you talking about? There is no such thing as a non-consumption plan for Logic Apps... Logic Apps are currently always charged per execution, as described here azure.microsoft.com/en-au/pricing/details/logic-apps. - Paco de la Cruz
Hi @PacodelaCruz that's true, however the first link indicates that it's possible to switch the underlying plan from a consumption plan to an app service plan with a different SKU. I suspect that unlike Azure Functions the app service plan has been hidden from view in the portal to simplify it for logic apps. - Alex KeySmith
Hi @AlexKeySmith, Logic Apps have changed quite a lot since then. At the time they wrote that script they were in preview. Coming back to your original question, which connector do you want to run under a service principal? Different connectors have different authentication methods. - Paco de la Cruz
Thanks, it was more a general question, but off the top of my head things like the Office 365 e-mail connector or Team Services connector. - Alex KeySmith

1 Answer

3
votes

API Connections with OAuth authentication, like Office 365 and Microsoft Team connectors, require manual consent. Unfortunately, at this point in time, authentication for those cannot be fully automated.

As you mentioned, this script https://github.com/logicappsio/LogicAppConnectionAuth will avoid some user clicks when authenticating the connectors, but in the end it is going to be a manual step.

HTH