The documentation on how to authenticate to Azure AD using a client credentials grant and certificate is decent, but in my experience it leaves a few open questions. Here is a quick guide on how to actually do this, properly detailed, with a simple Azure Function as an example using KeyVault.

You might have seen the below screen, where you can choose to either upload a certificate, or to create a new client secret, and thought – “hey, certificates sound a lot safer than these secrets!”. Then you might have googled a few things, found nothing, given up, and gone down the client secret route after all. I will now demonstrate how you can easily use a certificate instead of a secret. I will be using an Azure Function, but all concepts are simple and portable to any scenario that requires you to authenticate as an application, using a client credential grant.

Start by creating a new app registration, and end up at the following:

Note down the Application (client) ID and the Directory (tenant) ID values. Next, for demonstration purposes, go to “API permissions”, and add “”, and click “Grant admin consent”:

Now that we have granted the application access to read any user, let’s start by creating our certificate using KeyVault. The certificate does not have any particular requirements when it comes to subject, issuer etc. It simply needs to be uploaded to the app registration. Also, KeyVault is absolutely not required here, and you can use any certificate service that allows you to sign stuff, as well as locally installed certificates.

When the KeyVault is ready, go to certificates and click “Generate/Import”. Also, make sure the validity period is long, or you will need to update the certificate (which is not a bad thing of course).

When the certificate has been created, and finished processing, click on it, click on the active version and download the CER-version:

Next, go back to your app registration, click on “Certificates & secrets” and upload your certificate file:

You should see that the thumbprint listed is the same as the certificate in the KeyVault.

Now, let’s create our Azure Function that we will use. Give it a name, select PowerShell and create:

When the function app (or App Service) has been created, go to “Identity” and enable Managed Service Identity:
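The flow these steps set up, as an added example (not code from the original post): the function builds the client assertion JWT, has KeyVault sign it so the private key never leaves the vault, and exchanges it for a token. It assumes PowerShell 7, that the managed identity has been granted the sign permission on the KeyVault key, and that the target API is Microsoft Graph; every value in angle brackets is a placeholder.

```powershell
# Added example. All <...> values are placeholders for your own environment.
$TenantId   = '<directory-tenant-id>'
$ClientId   = '<application-client-id>'
$VaultName  = '<keyvault-name>'
$CertName   = '<certificate-name>'
$KeyVersion = '<certificate-version>'
$Thumbprint = '<hex-thumbprint-shown-on-app-registration>'

function ConvertTo-Base64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# 1. Managed identity token for KeyVault (App Service / Functions identity endpoint).
$miUri   = "$($env:IDENTITY_ENDPOINT)?resource=https://vault.azure.net&api-version=2019-08-01"
$kvToken = (Invoke-RestMethod -Uri $miUri -Headers @{ 'X-IDENTITY-HEADER' = $env:IDENTITY_HEADER }).access_token

# 2. JWT header and claims. x5t is the base64url of the raw SHA-1 thumbprint bytes,
#    which is how Azure AD finds the uploaded certificate.
$x5t      = ConvertTo-Base64Url ([Convert]::FromHexString($Thumbprint))
$tokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
$now      = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
$header   = @{ alg = 'RS256'; typ = 'JWT'; x5t = $x5t } | ConvertTo-Json -Compress
$claims   = @{ aud = $tokenUri; iss = $ClientId; sub = $ClientId
               jti = [guid]::NewGuid().ToString(); nbf = $now; exp = $now + 300 } |
            ConvertTo-Json -Compress
$enc      = [Text.Encoding]::UTF8
$unsigned = '{0}.{1}' -f (ConvertTo-Base64Url ($enc.GetBytes($header))),
                         (ConvertTo-Base64Url ($enc.GetBytes($claims)))

# 3. KeyVault signs the SHA-256 digest of "header.claims" with the certificate's key.
$digest   = [Security.Cryptography.SHA256]::Create().ComputeHash($enc.GetBytes($unsigned))
$signUri  = "https://$VaultName.vault.azure.net/keys/$CertName/$KeyVersion/sign?api-version=7.4"
$signBody = @{ alg = 'RS256'; value = (ConvertTo-Base64Url $digest) } | ConvertTo-Json
$sig      = (Invoke-RestMethod -Method Post -Uri $signUri -ContentType 'application/json' `
                -Headers @{ Authorization = "Bearer $kvToken" } -Body $signBody).value
$assertion = "$unsigned.$sig"   # KeyVault already returns the signature base64url-encoded

# 4. Client credentials grant with the signed assertion in place of a client secret.
$token = Invoke-RestMethod -Method Post -Uri $tokenUri -Body @{
    grant_type            = 'client_credentials'
    client_id             = $ClientId
    scope                 = 'https://graph.microsoft.com/.default'   # assumption: Graph
    client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
    client_assertion      = $assertion
}
$authHeader = @{ Authorization = "Bearer $($token.access_token)" }
```

The five-minute `exp` and the fresh `jti` on every call keep each assertion short-lived and single-purpose, so a leaked assertion is of little use compared with a leaked client secret.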