Use Azure Data Factory to invoke Logic App via Managed Identity Authentication

Scenario

 

Configure a Logic App (Consumption) with Azure Active Directory Open Authentication so that it can be called/invoked by an Azure Data Factory Web Activity via Managed Identity.

 

References

 

• Create a Web Activity in Azure Data Factory: Web Activity - Azure Data Factory & Azure Synapse | Microsoft Learn
• Select the Managed Identity Authentication for the Web Activity call in Azure Data Factory: Web Activity - Azure Data Factory & Azure Synapse | Microsoft Learn
• Create a Logic App with an HTTP Trigger: Call, trigger, or nest logic apps by using Request triggers - Azure Logic Apps | Microsoft Learn

 

Services Used

 

• Azure Logic Apps (Consumption)
• Azure Data Factory

 

Steps

 

(1/2) Logic App Setup

 

1. Create a Logic App with an HTTP Trigger: Call, trigger, or nest logic apps by using Request triggers - Azure Logic Apps | Microsoft Learn

a. Make a note of the callable endpoint / webhook / trigger URL

 

 

 

2. On the Logic App, go to Authorization and add the Authorization Policy in the Logic App: Secure access and data - Azure Logic Apps | Microsoft Learn

 

Policy	[Policy Name]
Policy Type	AAD
Claims	Issuer	https://sts.windows.net/[Tenant ID]/
	Audience	https://management.azure.com/

 

 

 

 

3. Add the Trigger Condition: Secure access and data - Azure Logic Apps | Microsoft Learn

1. On the trigger, add the following Trigger Condition: @startsWith(triggerOutputs()?['headers']?['Authorization'], 'Bearer')

 

 

 

4. Include ‘Authorization’ header in request trigger outputs: Secure access and data - Azure Logic Apps | Microsoft Learn

1. Open Code View
2. Add and set the operationOptions property to IncludeAuthorizationHeadersInOutputs

 

Final Code View of the Logic App Trigger:

 

 

 

 

 

 

 

 

"triggers": {
            "manual": {
                "conditions": [
                    {
                        "expression": "@startsWith(triggerOutputs()?['headers']?['Authorization'], 'Bearer')"
                    }
                ],
                "inputs": {
                    "schema": {}
                },
                "kind": "Http",
                "operationOptions": "IncludeAuthorizationHeadersInOutputs",
                "type": "Request"
            }
        }

 

 

 

 

 

 

 

 

 

 

(2/2) Azure Data Factory Setup

 

5. Create a Web Activity in Azure Data Factory: Web Activity - Azure Data Factory & Azure Synapse | Microsoft Learn

1. Enter the following required values (along with additional optional parameters) on the Web Activity.
2. Remove the SAS token when entering Logic App URL on the Web Activity to ensure it will not use SAS Token authentication during invocation.

Property	Sample Value	Comments
URL	https://prod-[xx].[region].logic.azure.com:443/workflows/[Workflow ID]/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0<removed>	Copied from Step 1a
Method	POST, GET…	This can be changed on the Logic App trigger
Body	Valid JSON
Authentication	System Assigned Managed Identity
Resource	https://management.azure.com/

 

 

 

Testing the Integration

 

1. Select Debug to test the pipeline and verify the Output shows a Succeeded status.

 

 

 

2. Refresh your Logic App’s Run History for the latest invocation.