What are the correct claims to use in a logic app when calling from a synapse workspace that has managed identity?

adv00000 6 Reputation points
2022-01-20T13:11:29.567+00:00

Scenario: A Synapse Workspace with a Managed Identity is used to make an HTTP call to a Logic App. The Workspace identity is granted the Contributor role in the Logic App.

On the logic app trigger, using default claims (Audience, Issuer) with or without custom claims (v1 token claims appid and appidacr, or v2 token claims azp, azpacr) return a token mismatch error to the caller.

On Synapse side, a Web Activity is used with authentication set to "Managed Identity", with the same Audience as in the Logic App trigger in the "Resource" field of the Activity settings.

How can I get this working?

Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,838 questions
Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,358 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,436 questions
{count} votes