Forum Discussion
Azure SharePoint Logic App Connector Security
Hi nullorempty
The standard KeyVault connector also supports Service Principals. So you can register a new App on Azure AD, create a KeyVault access policy for that principal and use the principal's ClientId and Secret on the KeyVault connector.
I have been using System Managed identity to access KeyVault from Azure Logic Apps. The standard KeyVault connector does not support it, so I needed to use the HTTP connector.
1. Enable the System assigned identity on your Logic App
2. Create an access policy on the KeyVault for that identity with the needed permissions
3. On your Logic App, the URI for the HTTP action is the identifier of your key/secret/certificate, which you get from KeyVault. Remember to add api-version to the queries with value 2016-10-01. For authentication, pick Managed Identity and for audience add https://vault.azure.net
The HTTP action returns a JSON object, where the returned value is in the value property.
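
Step 3 above as it would look in the Logic App's code view, added here as an example and not part of the original post. The action name `Get_secret` and the `<vault-name>` / `<secret-name>` placeholders are assumptions; the `secureData` setting is an addition that keeps the returned secret value out of the run history.

```json
{
  "Get_secret": {
    "type": "Http",
    "description": "Example only: replace <vault-name> and <secret-name> with the secret identifier shown in KeyVault",
    "inputs": {
      "method": "GET",
      "uri": "https://<vault-name>.vault.azure.net/secrets/<secret-name>",
      "queries": {
        "api-version": "2016-10-01"
      },
      "authentication": {
        "type": "ManagedServiceIdentity",
        "audience": "https://vault.azure.net"
      }
    },
    "runAfter": {},
    "runtimeConfiguration": {
      "secureData": {
        "properties": [
          "outputs"
        ]
      }
    }
  }
}
```

Later actions can read the secret with the expression `body('Get_secret')?['value']`.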