How can I use a service principal in HTTP with Azure AD connector in logic apps

Question

I add an action to my logic app with the HTTP with Azure AD connector. When adding the acito, I'm prompted to create a connection, however there is only "User based auth" available with a "sign in" button. I need to use this connector with Service PRincipal auth, similar to Azure Data explorer. Is this/can this be supported?

see connection creation here:

vs. Azure Data Explorer

Answer 1

You are able to send HTTP request to azure ad API via HTTP action. Start by creating an service principal (app registration) with client ID and in your logic app first add HTTP action with the method post to get a valid bearer token as seen here: Remember to replace tenantId, clientId, clientSecret and resource depending on what api you want to query. Resources: Azure AD: https://graph.microsoft.com/ Azure Storage: https://storage.azure.com/

Next you will need to add a step to Parse the response body from the HTTP request above to be able to use the access token in further steps. Use the following schema:

{
"properties": {
    "access_token": {
        "type": "string"
    },
    "expires_in": {
        "type": "string"
    },
    "expires_on": {
        "type": "string"
    },
    "ext_expires_in": {
        "type": "string"
    },
    "not_before": {
        "type": "string"
    },
    "resource": {
        "type": "string"
    },
    "token_type": {
        "type": "string"
    }
},
"type": "object" }

Then you are able to do both GET and POST request against azure ad.

Answer 2

There is no option to connect with a service account or service principal when using the Azure AD actions in Logic Apps. The only option is to sign in with a Microsoft Account.

It seems that it's not supported to login on the HTTP with Azure AD connector with service principal. You can give your voice on this feedback to promote this feature.