Create and manage integration accounts for B2B workflows in Azure Logic Apps with the Enterprise Integration Pack

Applies to: Azure Logic Apps (Consumption + Standard)

Before you can build business-to-business (B2B) and enterprise integration workflows using Azure Logic Apps, you need to create an integration account resource. This account is a scalable cloud-based container in Azure that simplifies how you store and manage B2B artifacts that you define and use in your workflows for B2B scenarios, for example:

You also need an integration account to electronically exchange B2B messages with other organizations. When other organizations use protocols and message formats different from your organization, you have to convert these formats so your organization's system can process those messages. With Azure Logic Apps, you can build workflows that support the following industry-standard protocols:

This guide shows how to complete the following tasks:

  • Create an integration account.
  • Set up storage access for a Premium integration account.
  • Link your integration account to a logic app resource.
  • Change the pricing tier for your integration account.
  • Unlink your integration account from a logic app resource.
  • Move an integration account to another Azure resource group or subscription.
  • Delete an integration account.

If you're new to creating B2B enterprise integration workflows in Azure Logic Apps, see B2B enterprise integration workflows with Azure Logic Apps and Enterprise Integration Pack.

Prerequisites

  • An Azure account and subscription. If you don't have an Azure subscription, sign up for a free Azure account. Make sure that you use the same Azure subscription for both your integration account and logic app resource.

  • Whether you're working on a Consumption or Standard logic app workflow, your logic app resource must already exist before you can link your integration account.

    • For Consumption logic app resources, this link is required before you can use the artifacts from your integration account with your workflow. Although you can create your artifacts without this link, the link is required when you're ready to use these artifacts.

    • For Standard logic app resources, this link is optional, based on your scenario:

      • If you have an integration account with the artifacts that you need or want to use, you can link the integration account to each Standard logic app resource where you want to use the artifacts.

      • Some Azure-hosted integration account connectors, such as AS2, EDIFACT, and X12, let you create a connection to your integration account. If you're just using these connectors, you don't need the link.

      • The built-in connectors named Liquid and Flat File let you select maps and schemas that you previously uploaded to your logic app resource or to a linked integration account.

        If you don't have or need an integration account, you can use the upload option. Otherwise, you can use the linking option, which also means you don't have to upload maps and schemas to each logic app resource. Either way, you can use these artifacts across all child workflows within the same logic app resource.

  • Basic knowledge about how to create logic app workflows. For more information, see the following documentation:

Create integration account

Integration accounts are available in different tiers that vary in pricing. Based on the tier you choose, creating an integration account might incur costs. For more information, see Azure Logic Apps pricing and billing models and Azure Logic Apps pricing.

Based on your requirements and scenarios, determine the appropriate integration account tier to create. The following table describes the available tiers:

Your integration account uses an automatically created and enabled system-assigned managed identity to authenticate access.

Tier Description
Premium (preview) Note: This capability is in preview and is subject to the Supplemental Terms of Use for Microsoft Azure Previews.

For scenarios with the following criteria:

- Store and use unlimited artifacts, such as partners, agreements, schemas, maps, certificates, and so on.

- Bring and use your own storage, which contains the relevant runtime states for specific B2B actions and EDI standards. For example, these states include the MIC number for AS2 actions and the control numbers for X12 actions, if configured on your agreements.

To access this storage, your integration account uses its system-assigned managed identity, which is automatically created and enabled for your integration account.

You can also apply more governance and policies to data, such as customer-managed ("Bring Your Own") keys for data encryption. To store these keys, you'll need a key vault.

- Set up and use a key vault to store private certificates or customer-managed keys. To access these keys, your Premium integration account uses its system-assigned managed identity, not an Azure Logic Apps shared service principal.

Pricing follows Standard integration account pricing.

Note: During preview, your Azure bill uses the same meter name and ID as a Standard integration account, but changes when the Premium level becomes generally available.

Limitations and known issues:

- Currently doesn't support virtual networks.

- If you use a key vault to store private certificates, your integration account's managed identity might not work. For now, use the linked logic app's managed identity instead.

- Currently doesn't support the Azure CLI for Azure Logic Apps.
Standard For scenarios where you have more complex B2B relationships and increased numbers of entities that you must manage.

Supported by the Azure Logic Apps SLA.
Basic For scenarios where you want only message handling or to act as a small business partner that has a trading partner relationship with a larger business entity.

Supported by the Azure Logic Apps SLA.
Free For exploratory scenarios, not production scenarios. This tier has limits on region availability, throughput, and usage. For example, the Free tier is available only for public regions in Azure, for example, West US or Southeast Asia, but not for Microsoft Azure operated by 21Vianet or Azure Government.

Note: Not supported by the Azure Logic Apps SLA.

For this task, you can use the Azure portal, Azure CLI, or Azure PowerShell.

Important

For you to successfully link and use your integration account with your logic app, make sure that both resources exist in the same Azure subscription and Azure region.

  1. In the Azure portal search box, enter integration accounts, and select Integration accounts.

  2. Under Integration accounts, select Create.

  3. On the Create an integration account pane, provide the following information about your integration account:

    Property Required Value Description
    Subscription Yes <Azure-subscription-name> The name for your Azure subscription
    Resource group Yes <Azure-resource-group-name> The name for the Azure resource group to use for organizing related resources. For this example, create a new resource group named FabrikamIntegration-RG.
    Integration account name Yes <integration-account-name> Your integration account's name, which can contain only letters, numbers, hyphens (-), underscores (_), parentheses (()), and periods (.). This example uses Fabrikam-Integration.
    Pricing Tier Yes <pricing-level> The pricing tier for the integration account, which you can change later. For this example, select Free. For more information, see the following documentation:

    - Logic Apps pricing model
    - Logic Apps limits and configuration
    - Logic Apps pricing
    Storage account Available only for the Premium (preview) integration account None The name for an existing Azure storage account. For the example in this guide, this option doesn't apply.
    Region Yes <Azure-region> The Azure region where to store your integration account metadata. Either select the same location as your logic app resource, or create your logic apps in the same location as your integration account. For this example, use West US.
    Enable log analytics No Unselected For this example, don't select this option.
  4. When you're done, select Review + create.

    After deployment completes, Azure opens your integration account.

  5. If you created a Premium integration account, make sure to set up access to the associated Azure storage account.

Set up storage access for Premium integration account

To read artifacts and write any state information, your Premium integration account needs access to the selected and associated Azure storage account. Your integration account uses its automatically created and enabled system-assigned managed identity to authenticate access.

  1. In the Azure portal, open your Premium integration account.

  2. On the integration account menu, under Settings, select Identity.

  3. On the System assigned tab, which shows the enabled system-assigned managed identity, under Permissions, select Azure role assignments.

  4. On the Azure role assignments toolbar, select Add role assignment (preview), provide the following information, select Save, and then repeat for each required role:

    Parameter Value Description
    Scope Storage For more information, see Understand scope for Azure RBAC.
    Subscription <Azure-subscription> The Azure subscription for the resource to access.
    Resource <Azure-storage-account-name> The name for the Azure storage account to access.

    Note If you get an error that you don't have permissions to add role assignments at this scope, you need to get those permissions. For more information, see Microsoft Entra built-in roles.
    Role - Storage Account Contributor

    - Storage Blob Data Contributor

    - Storage Table Data Contributor
    The roles that your Premium integration account requires to access your storage account.

    For more information, see Assign Azure role to system-assigned managed identity

  5. Next, link your integration account to your logic app resource.

For you to successfully link your integration account to your logic app resource, make sure that both resources use the same Azure subscription and Azure region.

This section describes how to complete this task using the Azure portal. If you use Visual Studio and your logic app is in an Azure Resource Group project, you can link your logic app to an integration account by using Visual Studio.

  1. In the Azure portal, open your logic app resource.

  2. On your logic app's navigation menu, under Settings, select Workflow settings. Under Integration account, open the Select an Integration account list, and select the integration account you want.

    Screenshot shows Azure portal, integration account menu with open page named Workflow settings, and opened list named Select an Integration account.

  3. To finish linking, select Save.

    Screenshot shows page named Workflow settings, and selected Save option.

    After your integration account is successfully linked, Azure shows a confirmation message.

    Screenshot shows Azure confirmation message.

Now your logic app workflow can use the artifacts in your integration account plus the B2B connectors, such as XML validation and flat file encoding or decoding.

Change pricing tier

To increase the limits for an integration account, you can upgrade to a higher pricing tier, if available. For example, you can upgrade from the Free tier to the Basic tier, Standard tier, or Premium tier. You can also downgrade to a lower tier, if available. For more information pricing information, review the following documentation:

Upgrade pricing tier

To make this change, you can use either the Azure portal or the Azure CLI.

  1. In the Azure portal search box, enter integration accounts, and select Integration accounts.

    Azure shows all the integration accounts in your Azure subscriptions.

  2. Under Integration accounts, select the integration account that you want to move. On your integration account resource menu, select Overview.

    Screenshot shows Azure portal with integration account menu and selected Overview option.

  3. On the Overview page, select Upgrade Pricing Tier, which lists any available higher tiers. When you select a tier, the change immediately takes effect.

    Screenshot shows integration account, Overview page, and selected option to Upgrade Pricing Tier.

Downgrade pricing tier

To make this change, use the Azure CLI.

  1. If you haven't done so already, install the Azure CLI prerequisites.

  2. In the Azure portal, open the Azure Cloud Shell environment.

    Screenshot shows Azure portal toolbar with selected Cloud Shell.

  3. At the command prompt, enter the az resource command and set skuName to the lower tier that you want.

    az resource update --resource-group <resourceGroupName> --resource-type Microsoft.Logic/integrationAccounts --name <integrationAccountName> --subscription <AzureSubscriptionID> --set sku.name=<skuName>
    

    For example, if you have the Standard tier, you can set skuName to Basic:

    az resource update --resource-group FabrikamIntegration-RG --resource-type Microsoft.Logic/integrationAccounts --name Fabrikam-Integration --subscription XXXXXXXXXXXXXXXXX --set sku.name=Basic
    

If you want to link your logic app to another integration account, or no longer use an integration account with your logic app, delete the link by using Azure Resource Explorer.

  1. Open your browser window, and go to Azure Resource Explorer (https://resources.azure.com). Sign in with the same Azure account credentials.

    Screenshot shows a web browser with Azure Resource Explorer.

  2. In the search box, enter your logic app's name to find and open your logic app.

    Screenshot shows explorer search box, which contains your logic app name.

  3. On the explorer title bar, select Read/Write.

    Screenshot shows title bar with selected option for Read/Write.

  4. On the Data tab, select Edit.

    Screenshot shows Data tab with selected option for Edit.

  5. In the editor, find the integrationAccount object, which has the following format, and delete the object:

    {
       // <other-attributes>
       "integrationAccount": {
          "name": "<integration-account-name>",
          "id": "<integration-account-resource-ID>",
          "type": "Microsoft.Logic/integrationAccounts"  
       },
    }
    

    For example:

    Screenshot shows how to find the object named integrationAccount.

  6. On the Data tab, select Put to save your changes.

    Screenshot shows Data tab with Put selected.

  7. In the Azure portal, open your logic app. On your logic app menu, under Workflow settings, confirm that the Integration account property now appears empty.

    Screenshot shows Azure portal, logic app menu, and selected Workflow settings.

Move integration account

You can move your integration account to another Azure resource group or Azure subscription. When you move resources, Azure creates new resource IDs, so make sure that you use the new IDs instead and update any scripts or tools associated with the moved resources. If you want to change the subscription, you must also specify an existing or new resource group.

For this task, you can use either the Azure portal by following the steps in this section or the Azure CLI.

  1. In the Azure portal search box, enter integration accounts, and select Integration accounts.

    Azure shows all the integration accounts in your Azure subscriptions.

  2. Under Integration accounts, select the integration account that you want to move. On your integration account menu, select Overview.

  3. On the Overview page, next to either Resource group or Subscription name, select change.

    Screenshot shows Azure portal, integration account, Overview page, and selected change option, which is next to Resource group or Subscription name.

  4. Select any related resources that you also want to move.

  5. Based on your selection, follow these steps to change the resource group or subscription:

    • Resource group: From the Resource group list, select the destination resource group. Or, to create a different resource group, select Create a new resource group.

    • Subscription: From the Subscription list, select the destination subscription. From the Resource group list, select the destination resource group. Or, to create a different resource group, select Create a new resource group.

  6. To acknowledge your understanding that any scripts or tools associated with the moved resources won't work until you update them with the new resource IDs, select the confirmation box, and then select OK.

  7. After you finish, make sure that you update all scripts with the new resource IDs for your moved resources.

Delete integration account

For this task, you can use either the Azure portal by following the steps in this section, Azure CLI, or Azure PowerShell.

  1. In to the Azure portal search box, enter integration accounts, and select Integration accounts.

    Azure shows all the integration accounts in your Azure subscriptions.

  2. Under Integration accounts, select the integration account that you want to delete. On your integration account menu, select Overview.

    Screenshot shows Azure portal with integration accounts list and integration account menu with Overview selected.

  3. On the Overview page, select Delete.

    Screenshot shows Overview page with Delete selected.

  4. To confirm that you want to delete your integration account, select Yes.

    Screenshot shows confirmation box with Yes selected.

Next steps