Use Azure Data Factory to invoke Logic App via Managed Identity Authentication

Posted by

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .



Configure a Logic App (Consumption) with Azure Active Directory Open Authentication so that it can be called/invoked by an Azure Data Factory Web Activity via Managed Identity.





Services Used


  • Azure Logic Apps (Consumption)
  • Azure Data Factory




(1/2) Logic App Setup


1. Create a Logic App with an HTTP Trigger: Call, trigger, or nest logic apps by using Request triggers - Azure Logic Apps | Microsoft Learn

a. Make a note of the callable endpoint / webhook / trigger URL





2. On the Logic App, go to Authorization and add the Authorization Policy in the Logic App: Secure access and data - Azure Logic Apps | Microsoft Learn


Policy [Policy Name]
Policy Type AAD

Issuer[Tenant ID]/ 







3. Add the Trigger Condition: Secure access and data - Azure Logic Apps | Microsoft Learn

  1. On the trigger, add the following Trigger Condition: @startsWith(triggerOutputs()?['headers']?['Authorization'], 'Bearer')





4. Include ‘Authorization’ header in request trigger outputs: Secure access and data - Azure Logic Apps | Microsoft Learn

  1. Open Code View
  2. Add and set the operationOptions property to IncludeAuthorizationHeadersInOutputs


Final Code View of the Logic App Trigger:









"triggers": {
            "manual": {
                "conditions": [
                        "expression": "@startsWith(triggerOutputs()?['headers']?['Authorization'], 'Bearer')"
                "inputs": {
                    "schema": {}
                "kind": "Http",
                "operationOptions": "IncludeAuthorizationHeadersInOutputs",
                "type": "Request"











(2/2) Azure Data Factory Setup


5. Create a Web Activity in Azure Data Factory: Web Activity - Azure Data Factory & Azure Synapse | Microsoft Learn

  1. Enter the following required values (along with additional optional parameters) on the Web Activity.
  2. Remove the SAS token when entering Logic App URL on the Web Activity to ensure it will not use SAS Token authentication during invocation.
Property Sample Value Comments
URL https://prod-[xx].[region][Workflow ID]/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0<removed> Copied from Step 1a



This can be changed on the Logic App trigger



Valid JSON



System Assigned Managed Identity








Testing the Integration


  1. Select Debug to test the pipeline and verify the Output shows a Succeeded status.





  1. Refresh your Logic App’s Run History for the latest invocation.





Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.