Reputation: 181
How to programmatically assign permissions to Azure AD app
I need to programmatically create an app in Azure AD and programmatically assign it permissions for Graph APIs. Somehow I am unable to find any good info on this. Please let me know if there is any good example of this.
I am able to create a basic app but not sure how to assign permissions to it.
I have a few basic queries:
- Can we create an app and assign permissions at the same time? Or we need to first create app and then assign permissions?
- How can I get a repository of all the possible permissions? Is there any way I can get a readable form of permissions and also its GUID representation?
Any C# example of this would be much appreciated.
Upvotes: 0
Views: 1482
Answers (3)
Reputation: 9511
You must first register an application in the Azure portal (or you must have an application first), and then grant the application permission or delegate permission to call MS graph api to create other applications, here is a detailed explanation Description.
Next, you can create other applications based on this application using C# code + MS graph api, and grant permissions to other applications (this is a separate operation, of course, you can also create an application and assign permissions at the same time).
Upvotes: 1
Reputation: 342
PFB answer to your queries :
Can we create an app and assign permissions at the same time? Or we need to first create app and then assign permissions? --> Yes you can create an app and assign permissions are the same time.
How can I get a repository of all the possible permissions? Is there any way I can get a readable form of permissions and also its GUID representation? --> Here is the link for all the possible permissions :https://learn.microsoft.com/en-us/graph/permissions-reference You can use Microsoft Graph explorer to execute queries and get the GUID representation. Here is the link : https://developer.microsoft.com/en-us/graph/graph-explorer
Upvotes: 2
Reputation: 129
At first you have to register your application in the Azure Active Directory. Go to Azure Portal and navigate to the Azure AD -> App Registrations and create a new App.
In the Apps administration view, go to API-Permissions and click on "Add a permission". Now you can see all the available permissions you can grant to you application.
For some permissions (indicated by an orange warning sign) you have to grant admin consent afterwards.
After you have done those steps and you configured the redirect URLs (also in the Azure portal), you can access the data you have permissions from your application.
Note: You will also have to implement an authorization flow to make use of Microsoft Graph. You can find additional information here Microsoft Graph Authentication
Upvotes: 0
Related Questions
- Azure Active Directory appRoleAssignments "Permission being assigned was not found on application"
- Microsoft graph API: permission grant for application (app roles) (NOT delegate via Oauth2PermissionGrants)
- Adding application permission to an client application using MS Graph SDK - Java
- How to add permissions to an App registration using graph API?
- Azure AD application permission with scopping
- Add permissions to an Azure application by using the .net SDK
- Azure Active directory API permissions
- Proper apps permissions from azure AD to grant access on Microsoft Graph
- Not able to set Microsoft Graph permissions in Azure Active Directory App Registration
- AAD Graph API Permission Issues