Green_qaue

Reputation: 3661

add permissions to Azure RM AD application via powershell

I can create a new Azure RM AD application like so:

New-AzureRmADApplication -DisplayName "xxx" -HomePage "xxx" -IdentifierUris "xxx" -ReplyUrl "xxx"

I am trying to add application permission to this, so that the app will be created with my specified permissions. The permission I want looks like this in the manifest:

"requiredResourceAccess": [
{
  "resourceAppId": "00000002-0000-0000-c000-000000000000",
  "resourceAccess": [
    {
      "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6",
      "type": "Scope"
    }
  ]
}
]

This is a permission for Windows Azure Active Directory - Delegated - Sign in and read user profile. Is there some way I can add this during or after creating my AD app via PowerShell?

Upvotes: 2

Views: 1040

Answers (2)

Robert

Reputation: 2198

You can also create an AAD app with a given permission. Then you need New-AzureADApplication from the AzureAD module. The code snippet is like:

# Cast to System.Uri so that .Host and .AbsoluteUri are available (a plain string has neither).
$SiteUri = [System.Uri]"https://example.com/"
$displayName = $SiteUri.Host
[string[]]$replyUrl = $SiteUri.AbsoluteUri + ".auth/login/aad/callback"

$reqAAD = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"

# This is "Windows Azure Active Directory".
$reqAAD.ResourceAppId = "00000002-0000-0000-c000-000000000000"

# This is to "Sign you in and read your profile" (a delegated permission, hence type "Scope").
$permission = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "311a71cc-e848-46a1-bdf8-97ff7156d8e6","Scope"

$reqAAD.ResourceAccess = $permission

# Create the app with the required permission already in its manifest.
New-AzureADApplication -DisplayName $displayName -IdentifierUris $SiteUri -Homepage $SiteUri -ReplyUrls $replyUrl -RequiredResourceAccess $reqAAD

For more details, you can read https://blogs.msdn.microsoft.com/azuregov/2017/12/06/web-app-easy-auth-configuration-using-powershell/

Upvotes: 0

Joy Wang

Reputation: 42043

Try the commands below, changing the ObjectId; it works fine on my side.

# Build the requiredResourceAccess entry: "Sign in and read user profile" (delegated, so type "Scope")
$req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$req.ResourceAccess = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "311a71cc-e848-46a1-bdf8-97ff7156d8e6","Scope"
# Windows Azure Active Directory
$req.ResourceAppId = "00000002-0000-0000-c000-000000000000"
# Apply it to the existing app registration (replace <ObjectId> with the app's ObjectId)
Set-AzureADApplication -ObjectId <ObjectId> -RequiredResourceAccess $req

The screenshot of the manifest:


Upvotes: 2
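Both answers hand Set-AzureADApplication / New-AzureADApplication a single RequiredResourceAccess object, which replaces whatever requiredResourceAccess the app already had. The function below is an added example, not code from either answer: it merges one delegated permission into the app's existing list and resolves the scope GUID from the resource's service principal instead of hardcoding it. The function name Add-AadDelegatedPermission and the "User.Read" lookup are assumptions for illustration; it expects the AzureAD module and an existing Connect-AzureAD session.

```powershell
# Added example (not from either answer). Assumes the AzureAD module is loaded and Connect-AzureAD has run.
function Add-AadDelegatedPermission {
    param(
        [Parameter(Mandatory)] [string] $AppObjectId,                          # ObjectId of the app registration
        [string] $ResourceAppId = "00000002-0000-0000-c000-000000000000",      # Windows Azure Active Directory
        [Parameter(Mandatory)] [string] $PermissionName                        # e.g. "User.Read"
    )

    # Resolve the scope GUID from the resource's service principal rather than hardcoding it.
    $resourceSp = Get-AzureADServicePrincipal -Filter "AppId eq '$ResourceAppId'"
    if (-not $resourceSp) { throw "No service principal found for resource AppId $ResourceAppId" }
    $scope = $resourceSp.Oauth2Permissions | Where-Object { $_.Value -eq $PermissionName }
    if (-not $scope) { throw "Delegated permission '$PermissionName' is not exposed by $($resourceSp.DisplayName)" }

    # -RequiredResourceAccess overwrites the whole list, so start from what the app already requires.
    $app = Get-AzureADApplication -ObjectId $AppObjectId
    $required = [System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.RequiredResourceAccess]]::new()
    if ($app.RequiredResourceAccess) { $required.AddRange($app.RequiredResourceAccess) }

    # Reuse the entry for this resource if one exists, otherwise create it.
    $entry = $required | Where-Object { $_.ResourceAppId -eq $ResourceAppId } | Select-Object -First 1
    if (-not $entry) {
        $entry = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
        $entry.ResourceAppId = $ResourceAppId
        $entry.ResourceAccess = [System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.ResourceAccess]]::new()
        $required.Add($entry)
    }

    # Idempotent: do not add the same scope twice.
    if ($entry.ResourceAccess | Where-Object { $_.Id -eq $scope.Id }) {
        Write-Verbose "'$PermissionName' is already required by $($app.DisplayName)"
        return
    }
    $entry.ResourceAccess.Add((New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList $scope.Id, "Scope"))

    Set-AzureADApplication -ObjectId $AppObjectId -RequiredResourceAccess $required
    # The manifest now lists the permission; it is only effective once a user (or an admin, tenant-wide) consents.
}

# Usage (replace the placeholder with a real app ObjectId):
# Add-AadDelegatedPermission -AppObjectId "<ObjectId>" -PermissionName "User.Read" -Verbose
```

Compare the app's manifest before and after the call to confirm that previously configured permissions survived the update.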
