CODEWITHSUNDEEP
microsoft-graph-api
Ajay
Ajay

Reputation: 23

How to create approle assignments programmatically using MS graph API?

I am building an application to manage Azure AD with our Custom UI.I have created a application on Azure AD and was able to do operations like creating APPs and APP roles programmatically using the Microsoft Graph REST API Beta,but could not create approle assignments using the documenation in the following link, https://learn.microsoft.com/en-us/graph/api/serviceprincipal-post-approleassignments?view=graph-rest-beta. Can you please guide me to achieve my requirement

Upvotes: 1

Views: 1472

Answers (1)

Philippe Signoret
Philippe Signoret

Reputation: 14336

(Updated on 2020-06-25 to reflect availability and recommended approach on Microsoft Graph v1.0.)

To create an app role assignment using Microsoft Graph v1.0, you can make the following API request on the resource app's service principal:

POST https://graph.microsoft.com/v1.0/servicePrincipals/{id-resource}/appRoleAssignedTo
Content-type: application/json

{
  "principalId": "id-principal",
  "resourceId": "id-resource"
  "appRoleId": "id-app-role"
}

When you are granting an app role assignment to another service principal (i.e. an app-only permission grant), id-principal is the id of the servicePrincipal for the client app (the app which is being granted the application permission), id-resource is the id of the servicePrincipal for the resource app (e.g. the API, such as Microsoft Graph), and id-app-role is the id of the appRole (in this case, the application permission) you want to assign to the client. (The app role can be retrieved from the appRoles attribute of the servicePrincipal for the resource app/API.)

Documentation: https://learn.microsoft.com/graph/api/serviceprincipal-post-approleassignedto?view=graph-rest-1.0

Upvotes: 1

Related Questions