Logic App Consumption deployment error: API connection is configured to support managed identity but the connection parameter is either missing or the authentication type is not Managed Service Identity

A few days ago, I published a blog post explaining how to configure an API connection to use Logic Apps Managed Identity in Visual Studio 2019. After completing the setup, I successfully deployed the Logic App. The deployment worked as expected, and the workflow ran correctly in my Azure subscription.

However, after that initial success, I applied some fine‑tuning to the Logic App. These were small logic changes and did not affect the action that used the connector configured with Managed Service Identity. Even so, after redeploying the solution, I unexpectedly started receiving the following error:

Template deployment returned the following errors:
The deployment ‘logicapp-XXXX-XXXX’ failed with error(s). Showing 1 out of 1 error(s).
Status Message: The workflow connection parameter ‘azureblob’ is not valid. The API connection ‘azureblob’ is configured to support managed identity but the connection parameter is either missing ‘authentication’ property in connection properties or authentication type is not ‘ManagedServiceIdentity’. (Code:WorkflowManagedIdentityConfigurationInvalid)
Deploying template using PowerShell script failed.

Cause

The cause of this issue was not simple to understand and find, but after a few minutes, I realized, and I was able to prove by reproducing this behavior several times, that any changes you make to your Logic App will delete the Managed Service Identity from the connection parameters inside the Logic App ARM Template.

When I was checking the, in my case, Azure Blob connection configurations, I realized that the current existing configuration was:

"parameters": {
          "$connections": {
            "value": {
              "azureblob": {
                "id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('logicAppLocation'), '/managedApis/', 'azureblob')]",
                "connectionId": "[resourceId('Microsoft.Web/connections', parameters('azureblob_Connection_Name'))]",
                "connectionName": "[parameters('azureblob_Connection_Name')]"
              }
            }
          }
        }

Instead of what I described in my previous blog post:

"parameters": {
          "$connections": {
            "value": {
              "azureblob": {
                "id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('logicAppLocation'), '/managedApis/', 'azureblob')]",
                "connectionId": "[resourceId('Microsoft.Web/connections', parameters('azureblob_Connection_Name'))]",
                "connectionName": "[parameters('azureblob_Connection_Name')]",
                "connectionProperties": {
                  "authentication": {
                    "type": "ManagedServiceIdentity"
                  }
                }
              }
            }
          }
        }

Solution

The steps to solve this issue are quite simple. You just need to set up the authentication parameter to be Managed Service Identity. To do that, you need to:

• Search for your connector name, in my case, type azureblob.
• Find the azureblob connection properties inside your Logic App parameters > connections. and then add the following settings:

"parameters": {
          "$connections": {
            "value": {
              "azureblob": {
                "id": "[concat(subscription().id, '/providers/Microsoft.Web/locations/', parameters('logicAppLocation'), '/managedApis/', 'azureblob')]",
                "connectionId": "[resourceId('Microsoft.Web/connections', parameters('azureblob_Connection_Name'))]",
                "connectionName": "[parameters('azureblob_Connection_Name')]",
                "connectionProperties": {
                  "authentication": {
                    "type": "ManagedServiceIdentity"
                  }
                }
              }
            }
          }
        }

After this, I was able to successfully deploy our Logic App Consumption once again.

Note that every time you change anything inside the Logic App designer, this ConnectionProperties section will be removed from our ARM Template. You must always add it. For me, this is a small bug-

I hope you find this helpful! If you liked the content or found it helpful and want to help me write more, you can buy (or help buy) my son a Star Wars Lego set! 

Author: Sandro Pereira

Sandro Pereira lives in Portugal and works as a consultant at DevScope. In the past years, he has been working on implementing Integration scenarios both on-premises and cloud for various clients, each with different scenarios from a technical point of view, size, and criticality, using Microsoft Azure, Microsoft BizTalk Server and different technologies like AS2, EDI, RosettaNet, SAP, TIBCO etc. He is a regular blogger, international speaker, and technical reviewer of several BizTalk books all focused on Integration. He is also the author of the book “BizTalk Mapping Patterns & Best Practices”. He has been awarded MVP since 2011 for his contributions to the integration community. View all posts by Sandro Pereira