Enable Authentication with Microsoft Entra ID

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equalls all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Logic App (Standard) for Value, then choose Apply to list the Azure Logic Apps available in the selected subscription.

05 Click on the name (link) of the Azure Logic App that you want to examine.

06 In the resource navigation panel, under Settings, choose Authentication to access the authentication settings available for the selected Azure Logic App.

07 In the Identity provider section, search for the Microsoft identity provider. An identity provider is responsible for managing user identities and the authentication flow of your application. If Microsoft is not listed in the Identity provider section or there are no identity providers configured for your Logic App (i.e., the No identity provider message is displayed), authentication with Microsoft Entra ID is not enabled for the selected Azure Logic App.

08 Repeat steps no. 5 - 7 for each Azure Logic App deployed in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equalls all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Logic App (Standard) for Value, then choose Apply to list the Azure Logic Apps available in the selected subscription.

05 Click on the name (link) of the Azure Logic App that you want to configure.

06 In the resource navigation panel, under Settings, choose Authentication to access the authentication settings available for the selected Azure Logic App.

07 On the Authentication page, choose either Add identity provider or Add provider, and perform the following actions to configure authentication with Microsoft Entra ID:

1. For Basics, select Microsoft from the Identity provider dropdown list.
2. For App registration, provide the ID of your Microsoft Entra ID app registration in the Application (client) ID box and enter the appropriate issuer URL in the Issuer URL box. An app registration associates your identity provider (in this case, Microsoft) with your Logic App. (Optional) For Allowed token audiences, enter your allowed token audience value.
3. For Additional checks, you can configure additional checks that will further control access:
   1. For Client application requirement, choose Allow requests only from this application itself or Allow requests from specific client applications and provide the names of the allowed client applications.
   2. For Identity requirement, choose Allow requests from any identity or Allow requests from specific identities and provide the names of the allowed identities.
   3. For Tenant requirement, choose Use default restrictions based on issuer or Allow requests from specific tenants and provide the names of the allowed tenants.
4. For App Service authentication settings, select Require authentication for Restrict access, and choose one of the supported HTTP status codes from the Unauthenticated requests list. Requiring authentication ensures that requests to your application include information about the caller.
5. Choose Add to apply the identity provider configuration. You are now ready to use the Microsoft identity platform for authentication in your Azure Logic App.

08 Repeat steps no. 5 - 7 for each Azure Logic App that you want to configure, deployed in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.