Support for V2 authentication in Logic App workflows
In the Logic App workflow, the actions using V1 authentication are working fine, but the actions using V2 authentication are failing with a 403 Forbidden error.
I’ve tried various configurations such as firewall rules, permissions, and different authentication methods, but the same error keeps occurring. Could you let me know specifically what configurations are required for V2 authentication to work properly?
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-11T09:47:41.47+00:00
Hello 김경민,
Thanks for reaching out.
The 403 Forbidden error when using V2 authentication in Logic Apps typically indicates an issue with permissions or identity configuration. Since you mentioned that V1 actions are working and only V2 are failing, it’s likely related to how authentication is handled differently in V2.

Here are a few specific configuration checks and requirements to ensure V2 authentication works properly:
- Ensure the Logic App is using a managed identity (System-assigned or User-assigned)
  - Go to your Logic App (Standard or Consumption).
  - Under "Identity", enable and note the Managed Identity (MSI).
  - This identity must have permission to access the downstream resource.
- Assign correct RBAC roles
  - Ensure that the Managed Identity has the necessary API permissions or Azure RBAC roles (e.g., `Contributor`, `Reader`, `Storage Blob Data Reader`, etc.) depending on the connector/resource you're accessing.
  - For example, if you're calling Azure Key Vault: the identity should have `Key Vault Secrets User` or a custom role with `secrets/get` permission.
- For HTTP or Azure Function calls
  - If calling APIs secured with AAD (Azure AD), make sure:
    - The V2 authentication type is correctly set (OAuth 2.0 / MSI).
    - You provide the correct `audience` or `resource` in the authentication settings.
    - The target API trusts your Logic App’s managed identity or app registration.
- Check VNET integration and firewall
  - If the resource is behind a firewall or private endpoint:
    - Confirm that the Logic App is properly VNET-integrated.
    - The outbound IPs of the Logic App (or its VNET) must be allowed in the target resource firewall settings.
- Verify the authentication method configuration
  - Some connectors or HTTP actions in V2 require slightly different formats or settings.
  - Example for OAuth2 V2:

```json
"authentication": {
  "type": "ManagedServiceIdentity",
  "resource": "https://<resource>.azure.net"
}
```

Use a simple HTTP action with V2 authentication to call a known endpoint (like Azure Management API) to verify the identity and permissions are set correctly.
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-14T05:51:45.9433333+00:00
Hello 김경민,
Just checking in to see if you've had a chance to review my previous response. Let me know if you have any additional questions.
-
김경민 • 40 reputation points
2025-07-15T00:55:43.1+00:00
Hi, @Krishna Chowdary Paricharla
Thank you for your response. As you suggested, I’m sharing the configured settings with attached images.
Please let me know if there are any problematic areas or missing configurations.
1. Ensure the Logic App is using a managed identity (System-assigned or User-assigned)
2. Assign correct RBAC roles
4. Check VNET integration and firewall
Details of the List Blob (V2) action and the 403 error information:
- Work Flow Information (List Blob (V2))
- List Blob (V2) Action Outputs Info.
- Status Code: 403
- Body
```json
{
  "status": 403,
  "source": "https://logic-apis-koreacentral-001.token.azure-apim.net:443/tokens/logic-apis-koreacentral-001/b49b6997c0a44d42/azureblob/a706ca63e69f4b73a54fe0cbf3588452/exchange",
  "message": "Error from token exchange: Permission denied due to missing connection ACL: User = 435c1340-f832-4d68-a6b4-f1ac239d1ba3@f67255a8-0525-4454-88a6-bf4216fffc68 appid=9990609e-58ce-49ba-8b0a-b27127423d1c, connection=logic-apis-koreacentral-001/b49b6997c0a44d42/azureblob/a706ca63e69f4b73a54fe0cbf3588452"
}
```

For reference, I confirmed that it’s possible to obtain an Azure AD token via an HTTP call and use that token to create a file in Storage. However, what I want is to handle this with a single action using V2 authentication.
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-15T10:58:09.98+00:00
Hello 김경민,
Thank you for sharing the detailed configuration and error output. Based on your setup and the error message:
"Permission denied due to missing connection ACL"

This indicates the issue is not with the identity or RBAC, but with the Logic App connection resource enforcing Connection ACL rules.
Steps to Fix the issue:
Go to the Azure Portal > Resource Group where your Logic App is deployed.
Locate the connection resource used by the “List blobs (V2)” action. Its name usually starts with:
```
azureblob-<random-id> OR azureblob-logic-apis-koreacentral-001-...
```

Open that connection resource and go to “Access Control (IAM)”.
Click “Add role assignment”:
- Role: Logic App Contributor or Logic App Operator
- Assign to: The managed identity of your Logic App (shown as: `telenor-la-poc`)
If available, also check “Access Policy” or “Connection ACL” tabs and explicitly add your Logic App's managed identity as an allowed caller.
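
An added example, not part of the original thread: a Python triage helper that parses a connector 403 body of the shape quoted above and separates the "missing connection ACL" denial from other 403s, extracting the caller that the connection rejected. The function name is hypothetical, the sample body is constructed with placeholder IDs, and reading `User = <id>@<id>` as object ID and tenant ID is an assumption.

```python
import json
import re

# Constructed sample: same shape as the 403 body quoted in the thread,
# with every identifier replaced by a placeholder value.
SAMPLE_BODY = json.dumps({
    "status": 403,
    "source": "https://logic-apis-example.token.azure-apim.net:443/tokens/"
              "logic-apis-example/env0/azureblob/conn0/exchange",
    "message": "Error from token exchange: Permission denied due to missing "
               "connection ACL: User = 11111111-1111-1111-1111-111111111111@"
               "22222222-2222-2222-2222-222222222222 "
               "appid=33333333-3333-3333-3333-333333333333, "
               "connection=logic-apis-example/env0/azureblob/conn0",
})

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Assumption: the two GUIDs after "User =" are the caller's object ID and tenant ID.
ACL_DENIAL = re.compile(
    rf"missing connection ACL: User = (?P<object_id>{GUID})@(?P<tenant_id>{GUID})"
    rf"\s+appid=(?P<app_id>{GUID}),\s*connection=(?P<connection>\S+)"
)


def triage_connector_403(body: str) -> dict:
    """Classify a connector 403 body and extract the denied caller."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return {"kind": "unparseable"}
    if not isinstance(doc, dict) or doc.get("status") != 403:
        return {"kind": "not_403"}
    message = str(doc.get("message", ""))
    match = ACL_DENIAL.search(message)
    if match is None:
        # Some other 403: the RBAC and firewall checks from the thread still apply.
        return {"kind": "other_403", "message": message}
    result = {"kind": "connection_acl_denied", **match.groupdict()}
    # In the thread's error the reporting endpoint ("source") ends in /exchange.
    result["at_token_exchange"] = str(doc.get("source", "")).endswith("/exchange")
    return result


if __name__ == "__main__":
    print(json.dumps(triage_connector_403(SAMPLE_BODY), indent=2))
```

The extracted `object_id` can be compared with the object ID shown on the Logic App's "Identity" blade to confirm which principal the connection rejected.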
-
김경민 • 40 reputation points
2025-07-16T00:31:07.06+00:00
Hi, @Krishna Chowdary Paricharla
Even after assigning permissions to the API Connection resource and granting the Logic App Contributor role to the Resource Group containing the API Connection, the same error persists.
Additionally, I tried creating and testing new authentication configurations using both Managed Identity and Service Principal, but the issue remains unchanged.
Could you check if there are any other settings or restrictions that might be causing this?
I’ll attach images of the steps I’ve tried:
- Logic App Contributor role assignment
- Workflow Run History after the role assignment
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-16T07:37:24.38+00:00
Hello 김경민,
Based on the shared configuration and error message, the issue is occurring due to a missing permission on the API Connection resource (azureblob-9) that is blocking the token exchange step required by the `List blobs (V2)` action.

Please follow these steps:
- Go to the API Connection (`azureblob-9`).
- Navigate to Access control (IAM).
- Assign your Logic App’s managed identity the role: API Connection Runtime Role (or Logic App Managed Identity Operator).
This role enables the Logic App to securely perform token exchange via the API connection. Once this is done, re-run the workflow, and the 403 should be resolved.
Let me know if it continues after this change.
-
김경민 • 40 reputation points
2025-07-17T01:42:54.4333333+00:00
Hi, @Krishna Chowdary Paricharla
I don’t see the permission you mentioned. Could you provide a more detailed guide?
(Even after assigning the permissions shown in the attached image, the same error still occurs.)
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-21T08:34:04.1433333+00:00
Hello 김경민,
Could you please check the private message and provide the required details for troubleshooting the issue further.
Here is the reference link on how to access & data retention policy of private messages in Microsoft Q&A.
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-22T08:50:42.4933333+00:00
Hello 김경민,
Just checking in to see if you've had a chance to review my previous response. Let me know if you have any additional questions.
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-23T06:22:01.13+00:00
Hello 김경민,
I wanted to follow up to see if you’ve had an opportunity to look over my earlier response. Please let me know if you have any further questions.
-
김경민 • 40 reputation points
2025-07-23T07:27:24.1533333+00:00
Hi, @Krishna Chowdary Paricharla.
I can’t see the private message. Could you please send it again?
I’m available to check between 8 AM and 5 PM KST.
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-24T12:04:42.2433333+00:00
Hello 김경민,
I wanted to follow up to confirm if you have had an opportunity to review the private message I resent. Please let me know if you have any further questions.
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-25T14:01:27.5233333+00:00
Hello 김경민,
Just checking in to see if you've had a chance to review my previous response. Let me know if you have any additional questions.
-
김경민 • 40 reputation points
2025-07-27T23:05:19.27+00:00
Hi, @Krishna Chowdary Paricharla
I can't find the message. Could you please explain in detail where I can check the message, including the exact menu and location? I had trouble understanding from the guide documentation.
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-29T08:16:58.95+00:00
Hello 김경민,
Could you please confirm whether the Logic App and the Storage Account are located in the same region or in different regions?
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-30T12:53:27.3166667+00:00
Hello 김경민,
Just checking in to see if you've had a chance to review my previous response. Let me know if you have any additional questions.
-
Krishna Chowdary Paricharla • 2,915 reputation points • Microsoft External Staff • Moderator
2025-07-31T14:39:01.19+00:00
Hello 김경민,
I wanted to follow up to see if you’ve had an opportunity to look over my earlier response. Please let me know if you have any further questions.