CODEWITHSUNDEEP
active-directoryazure-active-directoryazure-ad-graph-api
Koushik mondal
Koushik mondal

Reputation: 227

create a application role using Microsoft Graph API

I have created app registration in azure aad. I want to add a app role using Microsoft Graph API programmatic.

Upvotes: 4

Views: 2894

Answers (2)

Abhishek Raj
Abhishek Raj

Reputation: 31

According to my experience, I added appRoles with the help of MicrosoftGraphAPI. You can use this:


    respond = "https://graph.microsoft.com/v1.0/applications/{apps-Object-ID}"
    request_body = json.dumps({
    "appRoles": [           {
                     "allowedMemberTypes": ['User'],
                     'description': 'access',
                     'displayName': 'access',
                     'id': "XXXX-XXXX-XXX",
                     "isEnabled": "true",
                     "value": "null",
                     "origin": "Application"
                 }
             ]
    })
    
    response = requests.patch(respond, headers, request_body)

And don't forget to import json and requests

Upvotes: 1

Tom Sun
Tom Sun

Reputation: 24569

It seems that there is no Microsoft Graph API to do that. If Azure AD graph is acceptable, you use the following rest API to do that.

PATCH https://graph.windows.net/{tenantId}/directoryObjects/{objectId}/Microsoft.DirectoryServices.Application?api-version=1.6

Note: objectId not applicationId, we could get it from Azure portal.

The following is the test body 

appRoles": [
    {
      "allowedMemberTypes": [
        "User"
      ],
      "displayName": "SurveyAdmin",
      "id": "c20e145e-5459-4a6c-a074-b942bbd4cfe1",
      "isEnabled": true,
      "description": "Administrators can manage the Surveys in their tenant",
      "value": "SurveyAdmin"
    }
  ]

Test result:

enter image description here

We also could check it in the application manifest from Azure portal.

enter image description here

Upvotes: 1

Related Questions