search
Get CIPPJoin Discord
githubEdit

Self-hosted API Setup

For users running CIPP in their own Azure environment.

circle-exclamation

This step is optional for anyone who deployed after v7.1.x. If you are coming from v7.1.x or earlier, your Function App identity needs the "Contributor" role assigned to itself. You can do this manually, or with the PowerShell Role Assignment script. Both options are described below.

hashtag
Assign the “Contributor” Role to the Function App

If you're self-hosting and running your own Azure Function App, you'll need to grant it proper access:

1

Go to Azure Portalarrow-up-right.

2

Open the resource group hosting CIPP.

3

Select the Function App (not an offloaded app).

4

Navigate to Access control (IAM) > + Add > Add role assignment.

5

Click on Privileged administrator roles.

6

Choose:

  • Role: Contributor

  • Assign access to: User, group, or service principal

  • Select: The CIPP Function App identity

circle-info

The Contributor role should allow the identity to create and manage all types of Azure resources but does not allow them to grant access to others.

In the Select field and type cipp. As you begin typing, the list of options will narrow, and you should see the Managed Identity for your Function App.

7

Click Save.

hashtag
PowerShell Role Assignment (Alternative)

You can also use Azure Cloud Shell:

$RGName = Read-Host -Prompt "Resource Group Name"
Connect-AzAccount
$Functions = Get-AzResource -ResourceGroupName $RGName -ResourceType 'Microsoft.Web/sites' | Where-Object { $_.Name -match 'cipp' -and $_.Name -notmatch '-' }
$FunctionApp = Get-AzWebApp -ResourceGroupName $Functions.ResourceGroupName -Name $Functions.Name
$Identity = $FunctionApp.Identity.PrincipalId
New-AzRoleAssignment -ObjectId $Identity -RoleDefinitionName 'Contributor' -Scope $FunctionApp.Id
https://shell.azure.com/powershellshell.azure.comchevron-right
This script can be run in Azure Cloud Shell. Click the link to be taken to the Azure Portal.
circle-check

Once configured, head over to the CIPP-API Integration page in your CIPP UI.

PreviousMigrating to Hosted CIPPNextConfiguring CIPP

Last updated

Was this helpful?