SPARK uses function apps to return data from the database for the logged-in user. The authentication token ensures that only data for the specified user is returned.

Requirements

The Azure Administrator will be required for this step. The user must have:

  • Owner role for the subscription
  • Access to the Azure Portal

Step 1: Sign into Azure

Use the correct URL for your environment:

| Environment | Login URL |
| --- | --- |
| Worldwide (Commercial) | https://portal.azure.com |
| GCC | https://portal.azure.com |
| GCC High | https://portal.azure.us |
| DoD | https://portal.azure.us |

Step 2: Create Function App

  1. Enter function app in the top search navigation
  2. Click on Function App
  3. Click on Create
  4. Select the App Service option for hosting
  5. Click on Select

  6. Set the following properties and click on Next

| Name | Value |
| --- | --- |
| Resource Group | The resource group created in step 4 |
| Function App name | A unique name for the function app service (Example: sub-spark-fa) |
| Operating System | Windows |
| Runtime stack | PowerShell Core |
| Version | 7.4 |
| Region | The same region used for the resources created so far |
| Pricing Plan | Basic B1 |

  7. Select the storage account created in step 9, and click on Next
  8. Review the network settings, configure them as appropriate for your organization, and click on Next
  9. Review the monitoring settings and configure them as appropriate for your organization
  10. Click on Next until you are at the Authentication tab

[!NOTE] Enabling Application Insights may incur additional costs.

  11. Set the Authentication type to Managed Identity
  12. Select uami-spark-spoactions from the Managed Identity dropdown
  13. Click on Next until you are at Review + create
  14. Click on Create to create the function app

Step 3: Configure App Files

  1. Select App files under the Functions section in the left navigation
  2. From the file dropdown, select profile.ps1
  3. Reference the profile.ps1 file, copy the contents and save the changes
  4. From the file dropdown, select requirements.psd1
  5. Reference the requirements.psd1 file, copy the contents and save the changes

Step 4: Configure CORS

  1. Select CORS under the API section in the left navigation
  2. Add the v_spoRootUrl value from the variables spreadsheet to the CORS configuration
  3. Click on Save

[!NOTE] This will allow API requests from the SharePoint environment.

Step 5: Configure Environment Variables

  1. Select Environment variables under the Settings section in the left navigation
  2. Add the variables shown in the table below
  3. Click on Save
  4. Click on Apply at the bottom after all variables have been saved

| Name | Value |
| --- | --- |
| ClientId | The v_clientId value from the variables spreadsheet |
| SubscriptionId | The v_subscriptionId value from the variables spreadsheet |
| SqlConnectionString | The v_sqlConnectionString value from the variables spreadsheet |

Step 6: Configure Identity

  1. Select Identity under the Settings section in the left navigation
  2. Click on the User assigned tab and validate that the uami-spark-spoactions identity is added
  3. If no identity is shown, click on Add and select uami-spark-spoactions from the dropdown
  4. Click on Add

Step 7: Get appreg-spark-spoactions Information

  1. Refer to the appreg-spark-spoactions application registration
  2. From the Overview section, note the Client Id and Application ID URI values for the next step

Step 8: Configure Authentication

  1. Select Authentication under the Settings section in the left navigation
  2. Click Add identity provider
  3. Select Microsoft from the Identity provider dropdown
  4. Fill in the following properties
  5. Click on Add

| Name | Value |
| --- | --- |
| App Registration Type | Pick an existing app registration in this directory |
| Name or app ID | appreg-spark-spoactions |
| Client secret expiration | Configure based on your organization rules |
| Client Application Requirements | Allow requests from specific client applications |
| Allowed Client Applications | appreg-spark-spoactions Client Id; SharePoint Online Web Client Extensibility Id: 08e18876-6177-487e-b8b5-cf950c1e598c (paste each GUID as the value in the textbox) |
| Identity Requirement | Allow requests from any identity |
| Tenant Requirement | Allow requests only from the issuer tenant |

  6. After the identity is added, click on Edit
  7. Set the Client secret setting name to –Remove value
  8. Set the Allowed Token Audiences value to the appreg-spark-spoactions Application ID URI
  9. Click on Save
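The Step 8 settings constrain three token claims: the audience (aud), the calling client application (appid or azp) and the tenant (tid). The PowerShell below is an added troubleshooting example, not part of SPARK or of the original guide; it decodes a token payload without verifying the signature and reports which of those checks would fail. Test-SparkTokenClaims, the tenant id, the Application ID URI and the second client id are hypothetical placeholders.

```powershell
# Added example, not SPARK code. Decodes a JWT payload WITHOUT verifying the
# signature: use it for troubleshooting only, never as an access decision.
function ConvertFrom-Base64Url([string]$Value) {
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-SparkTokenClaims {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]   $Token,
        [Parameter(Mandatory)][string[]] $AllowedAudiences,   # Allowed Token Audiences
        [Parameter(Mandatory)][string[]] $AllowedClientApps,  # Allowed Client Applications
        [Parameter(Mandatory)][string]   $TenantId            # issuer tenant
    )
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a compact JWT with three dot-separated parts.' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # v2.0 tokens name the calling client in 'azp', v1.0 tokens in 'appid'
    $client = if ($claims.azp) { $claims.azp } else { $claims.appid }
    $expiry = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience    = $claims.aud
        AudienceOk  = $claims.aud -in $AllowedAudiences
        ClientApp   = $client
        ClientAppOk = $client -in $AllowedClientApps
        TenantOk    = $claims.tid -eq $TenantId
        Expired     = $expiry -lt [DateTimeOffset]::UtcNow
    }
}

# Constructed, unsigned sample token with placeholder values so the block runs offline.
function ConvertTo-Base64Url([string]$Text) {
    $b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $b64.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$tenant  = '00000000-0000-0000-0000-0000000000aa'   # placeholder tenant id
$appUri  = 'api://placeholder-application-id-uri'    # placeholder Application ID URI
$payload = @{ aud = $appUri; azp = '08e18876-6177-487e-b8b5-cf950c1e598c'
              tid = $tenant; exp = 4102444800 } | ConvertTo-Json -Compress
$header  = ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'
$token   = '{0}.{1}.constructed' -f $header, (ConvertTo-Base64Url $payload)

Test-SparkTokenClaims -Token $token -AllowedAudiences $appUri -TenantId $tenant `
    -AllowedClientApps '00000000-0000-0000-0000-0000000000bb', '08e18876-6177-487e-b8b5-cf950c1e598c'
```

When a real request is rejected, compare the reported Audience and ClientApp values with what was entered in Step 8.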

Step 9: Create Functions

  1. Select Overview from the left navigation
  2. Reference the table below and repeat steps 3-5 for each file
  3. Click on Create under the Functions tab
  4. Copy and paste the content from the script file
  5. Click on Save

| Function Name | Authorization Level | File Reference |
| --- | --- | --- |
| fx-spark-getallsites | Anonymous | fx-spark-getallsites |
| fx-spark-getsitecounts | Anonymous | fx-spark-getsitecounts |
| fx-spark-getsitesbyaction | Anonymous | fx-spark-getsitesbyaction |
| fx-spark-getsitesbykeyword | Anonymous | fx-spark-getsitesbykeyword |
| fx-spark-getsparksites | Anonymous | fx-spark-getsparksites |
| fx-spark-updatesparksites | Anonymous | fx-spark-updatesparksites |
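
Because every function above uses the Anonymous authorization level, no function key is required, and the Step 8 authentication configuration (together with any network restrictions set in Step 2) is what stands between a caller and the function. The check below is an added example, not part of SPARK: it sends one request without a token to each function and reports how the app responded. It assumes HTTP-triggered functions on the default api route prefix; Test-SparkUnauthenticatedAccess is a hypothetical name and the host name is supplied by the operator.

```powershell
# Added example, not SPARK code. Assumes HTTP-triggered functions on the default
# 'api' route prefix. Requires PowerShell 7 (-SkipHttpErrorCheck).
function Test-SparkUnauthenticatedAccess {   # hypothetical helper name
    param(
        # <function-app-name>.azurewebsites.net (azurewebsites.us in GCC High / DoD)
        [Parameter(Mandatory)][string] $FunctionAppHost,
        [string[]] $FunctionName = @(
            'fx-spark-getallsites', 'fx-spark-getsitecounts', 'fx-spark-getsitesbyaction',
            'fx-spark-getsitesbykeyword', 'fx-spark-getsparksites', 'fx-spark-updatesparksites')
    )
    foreach ($name in $FunctionName) {
        $uri = "https://$FunctionAppHost/api/$name"
        $r = $null
        try {
            # No Authorization header is sent on purpose; redirects are not followed.
            $r = Invoke-WebRequest -Uri $uri -Method Get -SkipHttpErrorCheck `
                     -MaximumRedirection 0 -TimeoutSec 15 -ErrorAction SilentlyContinue
        } catch {
            # Terminating errors (DNS, TLS, timeout) land here; keep a response if one exists.
            $r = $_.Exception.Response
        }
        $status = if ($r) { [int]$r.StatusCode } else { 0 }
        $verdict = switch ($status) {
            { $_ -in 401, 403 }            { 'Rejected by the authentication layer'; break }
            { $_ -in 301, 302, 307 }       { 'Redirected to sign-in'; break }
            { $_ -ge 200 -and $_ -lt 300 } { 'OPEN: function ran without a token'; break }
            0                              { 'No response (DNS, network or access restriction)'; break }
            default                        { 'Unexpected status, inspect manually' }
        }
        [pscustomobject]@{ Function = $name; Status = $status; Verdict = $verdict }
    }
}

# Usage, after Step 9, from a machine the Step 2 network settings allow:
# Test-SparkUnauthenticatedAccess -FunctionAppHost '<function-app-name>.azurewebsites.net' |
#     Format-Table -AutoSize
```

Any row reporting OPEN means the authentication provider from Step 8 is not being enforced for that function app.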