How to Authenticate to Graph API from Azure Function App Using App Registration?

Asked By CreativeCactus92 On

I'm in the process of turning my PowerShell script into an Azure Function App, but I'm hitting a wall on how to authenticate with the Graph API using an App Registration. My current setup utilizes InteractiveBrowserCredential, allowing the Graph API operations to be performed on behalf of the signed-in user.

I've been trying to sign in using this code snippet:

```powershell
Connect-MgGraph -NoWelcome -ClientId $clientId -TenantId $tenantId -Scopes @(
    "Permission1",
    "Permission2",
    ...
)
```

Is there a way to authenticate the Function App on behalf of the user from my calling script? If so, what's the best method to sign into my Function App to carry out the required actions?

2 Answers

Answered By TechWhiz42 On

It sounds like you already have a good start! If you're converting your PowerShell script into a Function App, make sure you set up a Key Vault to store your app's credentials securely. You'll want to give your Function App the necessary access to read those secrets as well. Don't forget to implement System Assigned Managed Identity for your Function App—this often simplifies API connections. Also, your app registration must have the right API permissions configured to align with the operations you're handling.

Answered By AzureSage77 On

Instead of managing secrets, I recommend leveraging the System Assigned Managed Identity of your Function App. This way, you can avoid dealing with the hassle of secret expiration and rotations. It should help streamline your Graph API permissions significantly. However, do note that System Managed Identity typically only supports delegated permissions. It sounds like your function aims to support PIM role activations, which indeed requires those delegated permissions to work correctly.
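The two sign-in paths suggested in the answers above, sketched as a `run.ps1` for an HTTP-triggered PowerShell function. This is an added example, not code from the original posts. The app setting names (`GRAPH_AUTH_MODE`, `KEYVAULT_NAME`, `GRAPH_SECRET_NAME`, `GRAPH_CLIENT_ID`, `GRAPH_TENANT_ID`), the `Connect-GraphFromFunction` helper and the `Response` output binding name are assumptions. Both paths sign in as the application itself, not as the calling user.

```powershell
# run.ps1 for an HTTP-triggered PowerShell function (added example).
# Assumed: Microsoft.Graph.Authentication, Az.Accounts and Az.KeyVault are
# available to the Function App, and the app settings named below exist.
using namespace System.Net
param($Request, $TriggerMetadata)

# Hypothetical helper: picks one of the two approaches from the answers.
function Connect-GraphFromFunction {
    param([ValidateSet('ManagedIdentity', 'KeyVaultSecret')][string]$Mode)

    if ($Mode -eq 'ManagedIdentity') {
        # System-assigned identity: no secret is stored or rotated.
        Connect-MgGraph -Identity -NoWelcome
        return
    }

    # App registration: the managed identity is used only to read the
    # client secret from Key Vault, so the secret never sits in app settings.
    Connect-AzAccount -Identity | Out-Null
    $secret = Get-AzKeyVaultSecret -VaultName $env:KEYVAULT_NAME -Name $env:GRAPH_SECRET_NAME
    $credential = [pscredential]::new($env:GRAPH_CLIENT_ID, $secret.SecretValue)
    Connect-MgGraph -TenantId $env:GRAPH_TENANT_ID -ClientSecretCredential $credential -NoWelcome
}

try {
    Connect-GraphFromFunction -Mode $env:GRAPH_AUTH_MODE
    $ctx = Get-MgContext
    # Record how the session was established and which permissions the
    # token carries; no secret or token value is written to the log.
    Write-Information "Graph auth type: $($ctx.AuthType); scopes: $($ctx.Scopes -join ', ')"
    $status = [HttpStatusCode]::OK
    $body = @{ connected = $true }
}
catch {
    Write-Error "Graph sign-in failed: $($_.Exception.Message)"
    $status = [HttpStatusCode]::InternalServerError
    $body = @{ connected = $false }
}
finally {
    # Drop the cached Graph session so it is not reused by a later invocation.
    Disconnect-MgGraph -ErrorAction SilentlyContinue | Out-Null
}

Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
    StatusCode = $status
    Body       = $body
})
```

The logged `AuthType` and `Scopes` from `Get-MgContext` show which identity and permissions each invocation actually ran with, which is the first thing to check when a Graph call returns an authorization error.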
