Azure Functions in Microsoft Entra are extremely powerful and easy to implement in whatever programming language you choose. We have seen them leveraged most often when using Entra for SAML-based SSO. Often a Service Provider needs a claim that just doesn’t exist in your Entra tenant, or one you simply don’t want to provide because it may be sensitive in nature. Other use cases include complex date manipulation of multiple claim conditions that isn’t possible using a transformation.
Recently Instrumental Identity helped a school transition their SSO for Ellucian Banner from legacy ADFS to Entra, using an Azure Function to get the UDC Identifier from an on-prem system through a RESTful API. When a user goes to log in to Banner, they are prompted to sign in via Entra and complete their MFA, and then a trigger is invoked to make the API call that looks up that user’s UDC Identifier from their UPN. The value is then returned as a custom claim and the user is logged in.
So how do you get started with Azure Functions? First, you must understand that there is a cost associated with them. To run Azure Functions, your cloud administrators will need to set up some infrastructure in Azure. This is often in the form of containers and can be spun up pretty quickly. The costs for Azure Functions themselves are incurred only when a function is invoked, and they cost pennies on the dollar. For more information you can use the pricing guide here.
Once your infrastructure is set up, simply use an IDE like VS Code, install the Azure Functions plugin and start building your app. You can deploy your code, add logging and test, all within VS Code. Best of all, this can all live in your preferred Source Control Management system such as Git, Azure DevOps, Bitbucket, etc. Tokens, URLs, passwords, etc. can all be set up as environment variables in your function, so your code reads them at run time and you do not have to store sensitive data in your code. For optimal troubleshooting, we recommend you enable Application Insights to view your logs in real time within the Azure portal.
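The Banner flow and the environment-variable handling described above, sketched in Python as an added example (not Instrumental Identity's code). It assumes the function is registered as an Entra custom claims provider for the token issuance start event; the claim name `udcIdentifier`, the settings `UDC_API_URL` and `UDC_API_TOKEN`, and the API's `upn` parameter and `udcId` field are hypothetical.

```python
import json
import os
import re
import urllib.parse
import urllib.request

EVENT_TYPE = "microsoft.graph.authenticationEvent.tokenIssuanceStart"
UPN_RE = re.compile(r"[A-Za-z0-9._'-]+@[A-Za-z0-9.-]+")


def lookup_udc_id(upn):
    """Call the on-prem REST API. URL and token come from the function's
    app settings (environment variables), never from source control."""
    base = os.environ["UDC_API_URL"]      # hypothetical setting name
    token = os.environ["UDC_API_TOKEN"]   # hypothetical setting name
    req = urllib.request.Request(
        f"{base}?upn={urllib.parse.quote(upn)}",
        headers={"Authorization": f"Bearer {token}"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp).get("udcId")  # hypothetical response field


def build_claims_response(event, lookup=lookup_udc_id):
    """Map a token-issuance-start event to (http_status, body).
    Assumes the caller (Entra) was already authenticated by the platform.
    Fails closed: no claim is returned unless the lookup succeeds."""
    if event.get("type") != EVENT_TYPE:
        return 400, {"error": "unexpected event type"}
    ctx = (event.get("data") or {}).get("authenticationContext") or {}
    upn = (ctx.get("user") or {}).get("userPrincipalName") or ""
    if not UPN_RE.fullmatch(upn):          # reject before touching the backend
        return 400, {"error": "missing or malformed UPN"}
    try:
        udc_id = lookup(upn)
    except Exception:
        return 502, {"error": "lookup failed"}  # no backend details in reply
    if not udc_id:
        return 404, {"error": "no identifier for user"}
    return 200, {"data": {
        "@odata.type": "microsoft.graph.onTokenIssuanceStartResponseData",
        "actions": [{
            "@odata.type":
                "microsoft.graph.tokenIssuanceStart.provideClaimsForToken",
            "claims": {"udcIdentifier": str(udc_id)},
        }],
    }}
```

The HTTP-triggered function body then only parses the request JSON, calls `build_claims_response`, and serialises the result, which keeps the claim logic testable without Azure or the on-prem API.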
For more information about Azure Functions, or our products and services, contact us today!

