Azure Graph API Call get only application groups

Question

I have azure AD with 3 groups

I execute api call for retrieve it

1. Login : https://login.microsoftonline.com/${tenantID}/oauth2/token
2. Get groups : https://graph.microsoft.com/v1.0/groups
3. Get users : https://graph.microsoft.com/v1.0/groups/${groupID}/members

Thats OK, i receive 3 groups and users inside But for now i need only groups that assigned to applications Like this

I cant find any methods in graph api for filter it . If somebody know how to do it , help please

Answer 1

To get the groups assigned to an application (Service Principal)

Microsoft Graph API:

https://graph.microsoft.com/v1.0/servicePrincipals/<servicePrincipal_id/appRoleAssignedTo

Microsoft Graph powershell:

Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $servicePrincipalId

Answer 2

Resolve this problem in such way:

1. Get all groups as before
2. Get groups and users assigned to application graph.microsoft.com/beta/servicePrincipals/${applicationId}/appRoleAssignments

Response :

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments",
    "value": [
        {
            "id": "tV-E7eUeFkmIemkoWcUgTkrT54btaddPtiLX96wVx0g",
            "creationTimestamp": "2018-07-06T10:43:32.548348Z",
            "principalDisplayName": "Pasha Kostohrys",
            "principalId": "${userID}",
            "principalType": "User",
            "resourceDisplayName": "azure-group-sync",
            "resourceId": "${applicationId}"
        },
        {
            "id": "ZRCxfjNVlUqrjp9Y3wuLJz6beU58dtNOvr41VsKwADo",
            "creationTimestamp": null,
            "principalDisplayName": "ops",
            "principalId": "${groupID}",
            "principalType": "Group",
            "resourceDisplayName": "azure-group-sync",
            "resourceId": "${applicationId}"
        }
    ] }

3. Just filter groups that are not in assignments list