Azure

How to Solve the "authentication credential type for the storage account isn't valid" Error in Azure Logic Apps

When working with Azure Logic Apps (Standard) and you try to use a User-Assigned Managed Identity for accessing a storage account, you might encounter the following error:

Microsoft.Azure.Workflows.Data.Edge authentication credential type for the storage account isn't valid

In my case the error was because I was using the wrong ID as value of the AzureWebJobsStorage__managedIdentityResourceId app setting.

First of all, ensure your User-Assigned Managed Identity has the necessary permissions on the storage account, typically Storage Blob Data Contributor.

To authenticate with a User-Assigned Managed Identity instead of a connection string against a storage account, you need to configure two specific application settings in your Logic App:

1. Set the Credential Type

Add or update the following application setting:

AzureWebJobsStorage__credentialType = managedIdentity

The double underscore (__) in the setting names is intentional and required

2. Set the Resource ID of the Managed Identity

Add or update the following application setting:

AzureWebJobsStorage__managedIdentityResourceId = /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}

This should be this long string and NOT some other ID of the Managed Identity!

How to find the Resource ID

Either by using the Azure Portal:

  1. Navigate to your User-Assigned Managed Identity
  2. Go to the Properties section
  3. Copy the Resource ID value

or by using the Azure CLI:

az identity show --name <identity-name> --resource-group <resource-group-name> --query id --output tsv

Configuring via Azure CLI

You can set these application settings using the Azure CLI:

az logicapp config appsettings set \
  --name <logic-app-name> \
  --resource-group <resource-group-name> \
  --settings AzureWebJobsStorage__credentialType=managedIdentity \
    AzureWebJobsStorage__managedIdentityResourceId="/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}"

By saving the app settings, you Logic App is going to restart and this time will store all its files into the storage account without any issues.

comments powered by Disqus