Self-hosted API Setup
For users running CIPP in their own Azure environment.
This step is optional for anyone who deployed after v7.1.x. If you are coming from v7.1.x or earlier, your Function App identity needs the "Contributor" role assigned to itself. You can do this manually, or with the PowerShell Role Assignment script. Both options are described below.
Assign the “Contributor” Role to the Function App
If you're self-hosting and running your own Azure Function App, you'll need to grant it proper access:
Go to Azure Portal.
Open the resource group hosting CIPP.
Select the Function App (not an offloaded app).
Navigate to Access control (IAM) > + Add > Add role assignment.
Click on Privileged administrator roles.
Choose:
Role: Contributor
Assign access to: User, group, or service principal
Select: The CIPP Function App identity
Click Save.
PowerShell Role Assignment (Alternative)
You can also use Azure Cloud Shell:
$RGName = Read-Host -Prompt "Resource Group Name"
Connect-AzAccount
$Functions = Get-AzResource -ResourceGroupName $RGName -ResourceType 'Microsoft.Web/sites' | Where-Object { $_.Name -match 'cipp' -and $_.Name -notmatch '-' }
$FunctionApp = Get-AzWebApp -ResourceGroupName $Functions.ResourceGroupName -Name $Functions.Name
$Identity = $FunctionApp.Identity.PrincipalId
New-AzRoleAssignment -ObjectId $Identity -RoleDefinitionName 'Contributor' -Scope $FunctionApp.Id
Once configured, head over to the CIPP-API Integration page in your CIPP UI.
Last updated
Was this helpful?