
Azure Logic App Authorization Policy set via Bicep

When creating a Consumption Azure Logic App using Azure Bicep, how do you create and configure Azure Active Directory authorization policies and set the

  • Policy Name
  • Policy Type
  • Claims (Issuer, Audience and a custom claim)

From the Azure Portal it's under Logic App > Authorization > Add Policy:

Logic App Authorization screen

Here's my bicep file:

param name string = 'testlogicapptb'
param location string = 'Australia Southeast'

resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = {
  name: name
  location: location
  properties: {
    definition: {
      '$schema': ''
      contentVersion: ''
    }
    parameters: {}
    accessControl: {
      triggers: {
        allowedCallerIpAddresses: [
          {
            addressRange: ''
          }
        ]
        //Doesn't work - just trying anything
        openAuthenticationPolicies: {
          policies: {
            name: 'test'
            type: 'AAD'
            issuer: 'https://123/'
            audience: '123'
            claim: {
              name: 'role'
              value: '123'
            }
          }
        }
      }
    }
  }
}

Here's the reference documentation but it doesn't describe how to format the policies and it just circles back around on itself.

If I search the web for anything related to OpenAuthenticationAccessPolicies I can't find anything or even know if I'm looking at the right thing.

I've tried exporting the ARM template and converting that to bicep - however the policies entered through the Portal do not come out in the export.

Even if it's not Bicep, how do I programmatically set these up?


  • main.bicep

    @description('The name of the logic app to create.')
    param logicAppName string = 'wbtestlogicapp'
    @description('A test URI')
    param testUri string = ''
    @description('Location for all resources.')
    param location string = resourceGroup().location
    var policyName = 'aadPolicyTest'
    var frequency = 'Hour'
    var interval = '1'
    var type = 'recurrence'
    var actionType = 'http'
    var method = 'GET'
    resource stg 'Microsoft.Logic/workflows@2019-05-01' = {
      name: logicAppName
      location: location
      tags: {
        displayName: logicAppName
      }
      properties: {
        definition: {
          '$schema': ''
          contentVersion: ''
          parameters: {
            testUri: {
              type: 'string'
              defaultValue: testUri
            }
          }
          triggers: {
            recurrence: {
              type: type
              recurrence: {
                frequency: frequency
                interval: interval
              }
            }
          }
          actions: {
            actionType: {
              type: actionType
              inputs: {
                method: method
                uri: testUri
              }
            }
          }
        }
        accessControl: {
          triggers: {
            // Azure AD authorization policies live under
            // accessControl.triggers.openAuthenticationPolicies.policies,
            // keyed by policy name; each policy is type 'AAD' plus a list of
            // claim name/value pairs the inbound token must carry.
            openAuthenticationPolicies: {
              policies: {
                '${policyName}': {
                  type: 'AAD'
                  claims: [
                    {
                      name: 'iss'
                      value: ''
                    }
                    {
                      name: 'aud'
                      value: ''
                    }
                    {
                      name: 'sub'
                      value: 'xxxxxxxxxxx-7d1e-4d9f-xxx-xxxxxxxxxxxxxxx'
                    }
                  ]
                }
              }
            }
          }
        }
      }
    }
    // Output values taken from the resource's symbolic name above
    output name string = stg.name
    output resourceId string = stg.id
    output resourceGroupName string = resourceGroup().name
    output location string = location

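As an added, complete example (not the code from the question or the answer above), here is a main.bicep that creates a Consumption Logic App with an HTTP Request trigger and an Azure AD authorization policy on it. The claims pinned are the issuer (derived from the tenant), the audience, and optionally the calling application's ID via the appid claim. The Logic App name, the App ID URI used as the default audience, the policy name and the callerAppId parameter are assumptions chosen for illustration; the sasAuthenticationPolicy block is the documented "disable SAS" setting and can be dropped if your target API version rejects it.

```bicep
// Added example (not the code from the question or the answer above).
// A Consumption Logic App whose HTTP Request trigger accepts only calls that
// carry an Azure AD bearer token with the expected issuer, audience and
// (optionally) calling application ID. All names and default values here are
// assumptions chosen for illustration.

@description('Name of the Logic App. Assumed value.')
param logicAppName string = 'aad-protected-logicapp'

@description('Location for the Logic App.')
param location string = resourceGroup().location

@description('Azure AD tenant that must issue the token.')
param tenantId string = subscription().tenantId

@description('Audience (aud claim) the token must carry. Assumed to be the App ID URI of an app registration that represents this Logic App.')
param audience string = 'api://aad-protected-logicapp'

@description('Application (client) ID of the only caller allowed. Leave empty to accept any app in the tenant that can obtain a token for the audience.')
param callerAppId string = ''

// Policy names are free text; this one is an assumption.
var policyName = 'aadCallerPolicy'

// v1.0 access tokens carry https://sts.windows.net/<tenantId>/ as the issuer.
// For v2.0 tokens use https://login.microsoftonline.com/<tenantId>/v2.0 instead.
var issuer = 'https://sts.windows.net/${tenantId}/'

// Every claim listed in a policy must be present in the token with exactly
// this value. iss alone is not enough: any principal in the tenant can obtain
// a token with that issuer, so pin aud (and ideally appid) as well.
var requiredClaims = [
  {
    name: 'iss'
    value: issuer
  }
  {
    name: 'aud'
    value: audience
  }
]
var callerClaim = empty(callerAppId) ? [] : [
  {
    name: 'appid'
    value: callerAppId
  }
]

resource logicApp 'Microsoft.Logic/workflows@2019-05-01' = {
  name: logicAppName
  location: location
  properties: {
    state: 'Enabled'
    definition: {
      '$schema': 'https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#'
      contentVersion: '1.0.0.0'
      parameters: {}
      triggers: {
        manual: {
          type: 'Request'
          kind: 'Http'
          inputs: {
            schema: {}
          }
        }
      }
      actions: {
        Response: {
          type: 'Response'
          kind: 'Http'
          runAfter: {}
          inputs: {
            statusCode: 200
            body: {
              message: 'token accepted'
            }
          }
        }
      }
      outputs: {}
    }
    parameters: {}
    accessControl: {
      triggers: {
        // Same block the Portal's Authorization blade writes: policy name as
        // the key, type AAD, and the list of claim name/value pairs to enforce.
        openAuthenticationPolicies: {
          policies: {
            '${policyName}': {
              type: 'AAD'
              claims: concat(requiredClaims, callerClaim)
            }
          }
        }
        // Without this, the trigger's SAS callback URL keeps working alongside
        // the OAuth policy and bypasses it.
        sasAuthenticationPolicy: {
          state: 'Disabled'
        }
      }
    }
  }
}

output logicAppId string = logicApp.id
output enforcedIssuer string = issuer
```

Deploy it with `az deployment group create --resource-group <rg> --template-file main.bicep --parameters callerAppId=<client-id>`; the policy then appears under Logic App > Authorization in the Portal exactly as if it had been added there. Callers must send `Authorization: Bearer <token>`, with the token acquired for the configured audience. Note that the policy only compares claim values that are present in the token; it does not by itself restrict who can request a token, which is why the example pins the audience to a dedicated App ID URI and optionally the appid rather than relying on the issuer alone.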