This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 38%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Hi,
I hope someone can help me to figure out a way to solve our challenge with deploying our Azure Managed Application thru marketplace.
Currently we have done an application that consists of a Azure WebApp and a storage account.
Our challenge is that when we deploy the web app into the customers tenant (e.g. custapp.azurewebsites.net), we need to have an Entra Id app registration with client id and client secret. We also need to ensure that the App registration is configured with correct callback url (e.g. https://custapp.azurewebsites.net/signin-oidc).
Have anyone solved this so customers can easily on-board a webapps with Entra ID signin as managed applications ?
Kind regards,
Nicolai Petri
Hi , hope doing well
To address your query , please check below
Automate the Configuration:
https://custapp.azurewebsites.net/signin-oidc) for the App Registration.
please accept answer if it has helped
Hi Deepanshu,
Thanks you for the proposal but as far as I can see this will not really solve the main issue.
I can create a powershell script that provisions and app registration and updates app configuration (or a key vault), but I cannot run this during the deployment from Azure Marketplace without creating a User Defined Identity to run the script as. So asking user upfront for creating the user defined identity is not much better than asking the user to create the app registration manually.
Running the script from the ARM / Bicep deployment would work great if it could be executed with the permissions of the user deploying from Azure Marketplace.
Kind regards,
Nicolai Petri
Hi Nicholai
I understand your concern. It seems that you want to simplify the onboarding process for your Azure Managed Application, specifically for configuring the Azure AD App Registration with the required client ID, client secret, and callback URL during deployment from the Azure Marketplace.
Indeed, executing a PowerShell script during deployment can be a viable solution, but you correctly pointed out that creating a User Defined Identity (Managed Identity) and running the script as the identity may not be an ideal user experience because it still involves manual steps.
To automate the deployment of your Azure Managed Application and the associated App Registration with Entra ID sign-in, here's an approach you can consider:
Integration with Azure Logic Apps or Azure Functions:
Azure Managed Application Custom Operations:
Managed Identity for Azure Logic Apps/Azure Functions:
ARM Template or Bicep Integration:
Remember that this is a high-level overview, and the specific implementation details can be customized according to your application's requirements
And I can recommend arm template and bicep integration one
Thanks!
Hi Deepanshu,
Thanks again for the follow up. Maybe you have futher information or examples of one of the above solutions ? It looks a bit like a what ChatGPT would provide of answers, and looking into details I don't think any of above is possible. We already deploy web app with managed identity, but there is no way to grant that permissions to create App Registration during the deployment based on the security context of the user deploying the solution.
I hope I miss something here, so a real example would be grant.
Kind regards,
Nicolai Petri
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.