I’ve deployed two connections, office365 and sharepointonline, to be used with a Logic app (standard). Both connections are created through an ARM template, along with the Logic app (standard). When I add the connections through a pipeline to the Logic app, it is coming up that it’s missing access policies – I thought these were auto-generated?

Connection ARM template:

{
    "type": "Microsoft.Web/connections",
    "apiVersion": "2016-06-01",
    "name": "[variables('connections_office365_name')]",
    "location": "[variables('primaryLocation')]",
    "tags": "[variables('tags')]",
    "kind": "V2",
    "properties": {
        "displayName": "Name",
        "statuses": [
            {
                "status": "Connected"
            }
        ],
        "customParameterValues": {},
        "nonSecretParameterValues": {},
        "createdTime": "2024-03-26T09:34:43.4138095Z",
        "changedTime": "2024-04-04T20:52:07.4299297Z",
        "api": {
            "name": "office365",
            "displayName": "Office 365 Outlook",
            "description": "Microsoft Office 365 is a cloud-based service that is designed to help meet your organization's needs for robust security, reliability, and user productivity.",
            "iconUri": "[concat('https://connectoricons-prod.azureedge.net/releases/v1.0.1676/1.0.1676.3617/', variables('connections_office365_name'), '/icon.png')]",
            "brandColor": "#0078D4",
            "id": "[concat('/subscriptions/',parameters('subscriptionId'),'/providers/Microsoft.Web/locations/uksouth/managedApis/', variables('connections_office365_name'))]",
            "type": "Microsoft.Web/locations/managedApis"
        },
        "testLinks": [
            {
                "requestUri": "[concat('https://management.azure.com:443/subscriptions/', parameters('subscriptionId'), '/resourceGroups/', parameters('resourceGroup'), '/providers/Microsoft.Web/connections/', variables('connections_office365_name'), '/extensions/proxy/testconnection?api-version=2016-06-01')]",
                "method": "get"
            }
        ]
    }
}

And then this is the connection.json file I am using to try to add the connections to the Logic app (standard):

{
    "managedApiConnections": {
        "office365": {
            "api": {
                "id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/providers/Microsoft.Web/locations/@appsetting('WORKFLOWS_LOCATION_NAME')/managedApis/office365"
            },
            "authentication": {
                "type": "ManagedServiceIdentity"
            },
            "connection": {
                "id": "/subscriptions/@appsetting('WORKFLOWS_SUBSCRIPTION_ID')/resourceGroups/@appsetting('WORKFLOWS_RESOURCE_GROUP_NAME')/providers/Microsoft.Web/connections/office365"
            },
            "connectionRuntimeUrl": "@appsetting('OFFICE365_CONNECTIONURL')"
        }
    }
}

Am I missing something?

I’m expecting the statuses of the connections to be connected.

2 Answers


  1. Access policies are not auto-generated. You do need to include them in the template like this –

    {
       "type": "Microsoft.Web/connections/accessPolicies",
       "apiVersion": "2016-06-01",
       "name": "[concat(variables('connections_office365_name'),'/','<object-ID>')]",
       "location": "[variables('primaryLocation')]",
       "dependsOn": [
          "[resourceId('Microsoft.Web/connections', variables('connections_office365_name'))]"
       ],
       "properties": {
          "principal": {
             "type": "ActiveDirectory",
             "identity": {
                "objectId": "<object-ID>",
                "tenantId": "[subscription().tenantId]"
             }
          }
       }
    }
    

    where <object-ID> is the object ID for the Microsoft Entra identity.

  2. As mentioned by @10p, Microsoft.Web/connections will only create API connections and will not automatically add access policies. According to the official doc Create and deploy single-tenant based logic app workflows with Azure Arc-enabled Logic Apps (Preview), you need to include the following resource definition for each managed API connection and provide the following information:

    {
       "type": "Microsoft.Web/connections/accessPolicies",
       "apiVersion": "2016-06-01",
       "name": "[concat('<connection-name>','/','<object-ID>')]",
       "location": "<location>",
       "dependsOn": [
          "[resourceId('Microsoft.Web/connections', parameters('connection_name'))]"
       ],
       "properties": {
          "principal": {
             "type": "ActiveDirectory",
             "identity": {
                "objectId": "<object-ID>",
                "tenantId": "<tenant-ID>"
             }
          }
       }
    }
    
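Both answers come down to the same rule: every V2 connection in the template needs its own `Microsoft.Web/connections/accessPolicies` child resource. The following pre-deployment check is an added example, not code from the question or either answer; it assumes policies are declared as top-level resources named with `concat(...)` or a literal `connection/policy` string, and the SharePoint variable name in the sample is constructed by analogy with the question's template.

```python
import re

CONN = "microsoft.web/connections"
POLICY = "microsoft.web/connections/accesspolicies"

def _split_args(s):
    """Split an ARM function's argument list on top-level commas."""
    args, depth, quoted, cur = [], 0, False, ""
    for ch in s:
        if ch == "'":
            quoted = not quoted
        elif not quoted and ch in "()":
            depth += 1 if ch == "(" else -1
        if ch == "," and depth == 0 and not quoted:
            args.append(cur.strip())
            cur = ""
        else:
            cur += ch
    return args + [cur.strip()]

def _norm(name):
    """Comparable key for a name: no [ ] wrapper, no whitespace, no literal quotes."""
    s = re.sub(r"\s+", "", name.strip().strip("[]"))
    return s[1:-1] if re.fullmatch(r"'[^']*'", s) else s

def policy_parent(name):
    """Parent-connection key of an accessPolicies name '<connection>/<policy>'."""
    m = re.fullmatch(r"\[\s*concat\((.*)\)\s*\]", name.strip(), re.S)
    if not m:
        return _norm(name.split("/")[0])
    args = _split_args(m.group(1))
    head = args[:args.index("'/'")] if "'/'" in args else args[:1]
    return _norm(head[0]) if len(head) == 1 else _norm("concat(" + ",".join(head) + ")")

def missing_access_policies(template):
    """Names of V2 connections that have no accessPolicies child in the template."""
    res = template.get("resources", [])
    covered = {policy_parent(r["name"]) for r in res if r.get("type", "").lower() == POLICY}
    return [r["name"] for r in res
            if r.get("type", "").lower() == CONN and r.get("kind") == "V2"
            and _norm(r["name"]) not in covered]

# Constructed sample: two connections as in the question, a policy for only one.
SAMPLE = {"resources": [
    {"type": "Microsoft.Web/connections", "kind": "V2",
     "name": "[variables('connections_office365_name')]"},
    {"type": "Microsoft.Web/connections", "kind": "V2",
     "name": "[variables('connections_sharepointonline_name')]"},
    {"type": "Microsoft.Web/connections/accessPolicies",
     "name": "[concat(variables('connections_office365_name'),'/','<object-ID>')]"},
]}
```

Run `missing_access_policies(json.load(f))` over the real template file in the pipeline and fail the build when the returned list is non-empty.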