Azure Logic App As A Connector To Send Notification

Continuing from Monitor Azure AD Client Secrets: initially we were retrieving the expiration information for Azure AD app client secrets. Now we need to send a notification to the users so that they can renew their secrets in time.

For that we might require an Azure Logic App. We are using it because Logic Apps have a set of built-in connectors that can connect to Microsoft Outlook to send an e-mail notification to the respective secret’s owner.

Create Azure Logic App

  • Log in to the Azure Portal
  • Search for Azure Logic App
  • Enter the Logic App name and the appropriate region
  • Choose the Consumption plan type
  • Choose the same Resource Group in which the Azure Function is created.
  • Go to Logic App Designer

Azure Logic App Triggers

Triggers are an integral part of a Logic App’s workflow. A trigger fires when a specific event happens or when newly available data meets specific criteria. Whenever the trigger fires, the Logic Apps engine creates a Logic App instance that runs the actions in the form of a workflow. You can choose which trigger to use depending on the specific use case.

  • Create an HTTP trigger, so that when data is sent to the API endpoint, i.e. when an HTTP request is received, it triggers the connector to send the notification.
  • Choose the POST method. You can also add an endpoint name as a parameter.
  • Create an HTML table so that the incoming JSON data is formatted as a table for better readability.
  • In the From field, search the Dynamic content and add the Body parameter, which indicates that the content is taken from the body of the HTTP request.

Azure Logic App Connectors

Azure eases communication with third-party tools through built-in connectors, with which we can create automated tasks and workflows. For our current use case, the Office 365 Outlook connector lets us automate the task of sending e-mails.

  • Add another step and search for the Outlook connector.
  • To use this connector, you need to sign in to the Outlook account from which the alert mails will be sent.
  • After signing in, select the ‘Send an email’ option from the Actions tab.
  • Compose the mail. To display the expiring secrets, add dynamic content to the Body. From the Dynamic content, select the Output option, which sends the data in the table form that we created earlier.
  • The flow of the Logic App is now complete. Any incoming HTTP call with the secrets will send the email to the respective owner. A demo run would look like this.
  • The mail received will be in the following format.
  • To find the history of all the times that the Logic App ran, go to the Overview tab.

We now have our eyes on the Client Secrets before they expire, and we can configure the Azure Function to trigger it on a regular basis, depending on requirements and cost constraints.
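
The caller side of the HTTP trigger described above, as an added example that is not code from the original post: it selects the secrets nearing expiry, sends only their metadata as the JSON array that the HTML table step takes as input, and keeps the trigger URL's `sig` signature out of logs, since anyone holding that URL can invoke the workflow. Python, the `LOGIC_APP_URL` setting name, the record fields and the sample records are assumptions made for this sketch.

```python
import json
import os
import re
import urllib.request
from datetime import datetime, timedelta, timezone

# Constructed sample records: expiry metadata only, never a secret value.
SAMPLE_SECRETS = [
    {"appName": "billing-api", "keyId": "key-001", "owner": "owner1@example.com",
     "endDate": "2024-06-10T00:00:00+00:00"},
    {"appName": "reports-web", "keyId": "key-002", "owner": "owner2@example.com",
     "endDate": "2024-09-01T00:00:00+00:00"},
    {"appName": "legacy-sync", "keyId": "key-003", "owner": "owner3@example.com",
     "endDate": "2024-05-20T00:00:00+00:00"},
]

def expiring_within(secrets, days, now):
    """Rows for secrets that expire within `days` of `now` (expired ones included)."""
    cutoff = now + timedelta(days=days)
    rows = []
    for s in secrets:
        end = datetime.fromisoformat(s["endDate"])
        if end <= cutoff:
            rows.append({"Application": s["appName"], "KeyId": s["keyId"],
                         "Owner": s["owner"], "Expires": end.date().isoformat()})
    return rows

def redact_sig(url):
    """Mask the sig= query value so the trigger URL can appear in logs."""
    return re.sub(r"(?i)([?&]sig=)[^&]+", r"\1REDACTED", url)

def build_request(url, rows):
    """Build the POST; the body is a JSON array for the HTML table step."""
    if not url.lower().startswith("https://"):
        raise ValueError("trigger URL must use https")
    return urllib.request.Request(
        url, data=json.dumps(rows).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json"})

if __name__ == "__main__":
    url = os.environ.get("LOGIC_APP_URL")  # assumed app setting name
    rows = expiring_within(SAMPLE_SECRETS, 30, datetime.now(timezone.utc))
    if url and rows:  # skip the call when nothing is expiring
        with urllib.request.urlopen(build_request(url, rows), timeout=10) as resp:
            print(resp.status, redact_sig(url))
```

Store the trigger URL as an application setting or Key Vault reference rather than in source, and regenerate the trigger's access key if the URL is ever exposed.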