1
votes

I am using a webhook action in my workflow but the subscribe (and unsubscribe) endpoints are (exposed by an API behind API Management) using AAD as authorization server. Is there a way to use managed identities for obtaining authorized calls from the webhook action?

It has support for a 'Subscribe-Authentication' object but according to docs (here: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-workflow-actions-triggers#connector-authentication) that doesn't seem to support managed identities. I tried to configure 'Subscriber-Authentication' to something like:

{
  "audience": "https://management.azure.com",
  "type": "ManagedServiceIdentity"
}

(as this works for the 'Http Request' action, but I got an error that 'ManagedServiceIdentity' is not supported).

1 Answers

0
votes

Based on my understanding of your description, it sounds like you want to use managed identities to obtain authorized calls from the webhook in the same AAD. However, the official document Authenticate and access resources with managed identities in Azure Logic Apps says,

To access resources in other Azure Active Directory (Azure AD) tenants and authenticate your identity without signing in, your logic app can use a managed identity.

So in your current scenario, the answer is no for using managed identity to access any resources in the same AAD; the only way is using ActiveDirectoryOAuth, which is introduced here.
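
The ActiveDirectoryOAuth option mentioned in the answer, applied to a webhook action's subscribe and unsubscribe calls (an added example, not part of the original question or answer). The action name, URIs, parameter name and every `<...>` value are placeholders; the client secret is passed as a `securestring` parameter so it is not stored inline in the workflow definition.

```json
{
  "parameters": {
    "webhookClientSecret": { "type": "securestring" }
  },
  "actions": {
    "HTTP_Webhook": {
      "type": "HttpWebhook",
      "inputs": {
        "subscribe": {
          "method": "POST",
          "uri": "https://<apim-host>/<api-path>/subscribe",
          "body": { "callbackUrl": "@{listCallbackUrl()}" },
          "authentication": {
            "type": "ActiveDirectoryOAuth",
            "tenant": "<tenant-id>",
            "audience": "<app-id-uri-of-the-api>",
            "clientId": "<client-id>",
            "secret": "@parameters('webhookClientSecret')"
          }
        },
        "unsubscribe": {
          "method": "POST",
          "uri": "https://<apim-host>/<api-path>/unsubscribe",
          "authentication": {
            "type": "ActiveDirectoryOAuth",
            "tenant": "<tenant-id>",
            "audience": "<app-id-uri-of-the-api>",
            "clientId": "<client-id>",
            "secret": "@parameters('webhookClientSecret')"
          }
        }
      },
      "runAfter": {}
    }
  }
}
```

The `audience` must match the identifier the API behind API Management validates in the token, not `https://management.azure.com`, which is the audience for Azure Resource Manager.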