I’ve received two time the same request from partners this week about the same topic, so probably this is something that should be cleared to everyone.
In Azure Logic Apps workflows, some triggers and actions support using a managed identity for authenticating access to resources protected by Azure Active Directory (ops… Microsoft Entra ID). When you use a managed identity to authenticate your connection, you don’t have to provide credentials, secrets, or Azure AD tokens.
Azure Logic Apps supports the system-assigned managed identity and the user-assigned managed identity:
- A logic app resource can enable and use only one unique system-assigned identity.
- A logic app resource can share the same user-assigned identity across a group of other logic app resources.
To enable the managed identity usage in Consumption Logic Apps:
- On the logic app menu, under Settings, select Identity.
- On the Identity pane, under System assigned, select On > Save. When Azure prompts you to confirm, select Yes.
Your Azure Logic app resource can now use the system-assigned identity. This identity is registered with Azure AD (or Microsoft Entra ID) and is represented by an object ID. Before you can use your Logic App’s managed identity for authentication, you have to set up access for the identity on the Azure resource where you want to use the identity. The way you set up access varies based on the resource that you want the identity to access.
On a Logic App (Standard) resource, the system-assigned identity is automatically enabled.
When all is configured, you can use managed identity in your connectors that support it. As an example, here is the HTTP connector:
What about the Dynamics 365 Business Central connector?
If you use the Dynamics 365 Business Central connector form Azure Logic Apps, it has the managed identity support:
But when you try to use it with a managed identity, the result will be something like the following:
This immediately appears like a permission error or like a wrong configuration of the identity (and so hours spent and going crazy for troubleshooting 😬).
But what happens here? Why this error?
Simply because the Dynamics 365 Business Central connector actually does not support using managed identities. The Dynamics 365 Business Central connector actually only supports using real users credentials. Using managed identity is a feature that is in the Microsoft’s backlog for a future update, but at the time of writing this post there’s not an official plan for releasing it.
There’s an idea submitted here if you want to push the backlog… 🙂
Stefano Demiliani 