authenticate Function Azure #6345
-
Hello, good morning, and happy new year, everyone. I'll give you a little preamble: I would like to use the "Access control" API if possible.
My problem is that when the timed function in Azure is triggered, I am not tied to any user and therefore I do not have an active authentication token. How can I authenticate to use the API within Bentley? Thanks for your help.
Replies: 4 comments 1 reply
-
What do you mean by "people responsible for the Bentley probe"? Are you talking about emailing Bentley colleagues or someone who is working with these APIs?
-
Hi, I would like to send emails to Bentley colleagues, if they have the role to receive the email.
-
In your timed Azure function itself, you can get a user token and send email using the Microsoft Graph API. Also, create RBAC policies and groups from the tenant's PowerShell.
-
Based on your comment "when the timed function in azure is triggered, I am not tied to any user and therefore I do not have an active authentication token", I would suggest that you use service accounts. Service application workflows are used for machine-to-machine workflows, which is exactly the scenario that you have: https://developer.bentley.com/apis/overview/authorization/#authorizing-service-machine-to-machine. Now, to provide access to your service application, you'll need to invite this service application to the iTwins it should have access to. You can do this using the Access Control API: https://developer.bentley.com/apis/access-control-v2/operations/add-itwin-user-members/ Then, using your service application, you could query all members of the iTwin. I would NOT suggest that you use a role to differentiate who to send email to, though. What you can do is group the email list into an access-control group (https://developer.bentley.com/apis/access-control-v2/operations/create-itwin-group/), and then use that group to maintain the list of users who should receive an email from your automated workflow.
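The machine-to-machine flow suggested above, sketched as an added example (not code from the thread or from Bentley): the timed function obtains a token with the OAuth2 client-credentials grant, so no signed-in user is needed, and then reads recipients from an access-control group rather than from a role. The token URL, API base, the `ITWIN_CLIENT_ID`/`ITWIN_CLIENT_SECRET` environment variables and the shape of the group response are assumptions to be checked against developer.bentley.com; the group JSON is constructed sample data.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumed endpoints (not taken from the thread); verify against the Bentley docs.
TOKEN_URL = "https://ims.bentley.com/connect/token"
ACCESS_CONTROL_URL = "https://api.bentley.com/accesscontrol/itwins"


def build_client_credentials_request(client_id, client_secret, scopes):
    """Form fields for the OAuth2 client-credentials grant used by a service
    application. No user context is involved, which is what a timer trigger needs."""
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(scopes),
    }


def fetch_service_token(scopes):
    """Read the service app's credentials from the function's settings (Key Vault
    reference recommended) and exchange them for an access token."""
    fields = build_client_credentials_request(
        os.environ["ITWIN_CLIENT_ID"], os.environ["ITWIN_CLIENT_SECRET"], scopes)
    req = urllib.request.Request(
        TOKEN_URL, data=urllib.parse.urlencode(fields).encode(),
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def fetch_group(token, itwin_id, group_id):
    """GET one access-control group of an iTwin (assumed v2 path and Accept header)."""
    req = urllib.request.Request(
        f"{ACCESS_CONTROL_URL}/{itwin_id}/groups/{group_id}",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.bentley.itwin-platform.v2+json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def recipient_emails_from_group(group_json):
    """Distinct, normalised e-mails of the group's members; entries without an
    e-mail are skipped so a malformed member cannot break the whole mail run."""
    members = group_json.get("group", {}).get("members", [])
    emails = {m["email"].strip().lower() for m in members if m.get("email")}
    return sorted(emails)


# Constructed sample response (assumed shape) with a duplicate and a member without e-mail.
SAMPLE_GROUP_RESPONSE = {"group": {"id": "grp-1", "displayName": "Notify", "members": [
    {"userId": "u1", "email": "Alice@Example.com"},
    {"userId": "u2", "email": "bob@example.com"},
    {"userId": "u3", "email": "alice@example.com"},
    {"userId": "u4"}]}}
```

In the function body, call `fetch_service_token(["itwin-platform"])`, then `fetch_group(...)` and `recipient_emails_from_group(...)`; the group is the single place to maintain who gets the e-mail.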