Reputation: 65
I am trying to automate the process of adding admin credentials like Tenant URL and Secret Token to Enterprise app provisioning (as done in the Portal).
Right now I am creating the application and service principal using Terraform like this:
# Enterprise Application
resource "azuread_application" "enterprise_app_scim" {
  display_name = var.ent_app_display_name
  owners       = var.ent_app_owners
}

# Service principal (the "Enterprise application" object) for the app above
resource "azuread_service_principal" "enterprise_app_scim_sp" {
  client_id                     = azuread_application.enterprise_app_scim.client_id
  owners                        = azuread_application.enterprise_app_scim.owners
  preferred_single_sign_on_mode = "saml"
  app_role_assignment_required  = true

  feature_tags {
    enterprise            = true
    custom_single_sign_on = true
  }
}
I have tried creating the provisioning by combining some CLI commands and a URL from Copilot, but this isn't working, and actually it looks like the URI in use isn't even valid. I have tried several things and, to be honest, now I am unsure if this is even the correct approach.
I would be very grateful if someone could guide me a bit here.
resource "null_resource" "scim_provisioning" {
  provisioner "local-exec" {
    command = <<-EOT
      TOKEN=$(az account get-access-token --resource https://graph.microsoft.com --query accessToken -o tsv)
      az rest --method PATCH \
        --uri "https://graph.microsoft.com/v1.0/servicePrincipals/${azuread_service_principal.enterprise_app_scim_sp.id}/synchronization" \
        --headers "{\"Authorization\": \"Bearer $TOKEN\"}" \
        --body '{
          "synchronization": {
            "jobs": [
              {
                "tenantUrl": "${var.scim_tenant_url}",
                "secretToken": "${var.scim_bearer_token}"
              }
            ]
          }
        }'
    EOT
  }
}
Error:
Not Found({"error":{"code":"UnknownError","message":"{\"Message\":\"No HTTP resource was found that matches the request URI 'https://syncfabric.windowsazure.com/api/servicePrincipals('63e5e074-xxxx-4367-ba72-257f07052e9f')/synchronization/secrets?api-version=2.0'.\"}","innerError":{"date":"2025-02-20T12:31:22","request-id":"467a024e-574c-42c3-9612-xxxxxxx","client-request-id":"467a024e-574c-42c3-9612-b320e07c299d"}}})
Upvotes: 1
Views: 48
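One way to set the provisioning Tenant URL and Secret Token from a script, as an added example that is not part of the original post: Microsoft Graph stores these credentials at `PUT /servicePrincipals/{id}/synchronization/secrets` under the keys `BaseAddress` and `SecretToken`, a different path and body from the `PATCH .../synchronization` attempt above. It assumes an existing `az login` session with rights to manage the application's provisioning, and that the service principal object id is passed in; the id used in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not the question's code): push SCIM provisioning credentials
# to a service principal via Microsoft Graph. `az rest` attaches a Graph
# bearer token itself for graph.microsoft.com, so no manual token handling.
set -eu

# Minimal JSON string escaping (backslash and double quote), enough for
# URLs and bearer tokens, which contain no control characters.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Body expected by PUT .../synchronization/secrets:
# {"value":[{"key":"BaseAddress","value":<tenant url>},{"key":"SecretToken","value":<token>}]}
scim_secrets_body() {
  printf '{"value":[{"key":"BaseAddress","value":"%s"},{"key":"SecretToken","value":"%s"}]}' \
    "$(json_escape "$1")" "$(json_escape "$2")"
}

# Graph URL for the secrets collection of a service principal (object id).
scim_secrets_url() {
  printf 'https://graph.microsoft.com/v1.0/servicePrincipals/%s/synchronization/secrets' "$1"
}

# Write the credentials. The body is passed through a mode-0600 temp file
# (--body @file) so the SCIM token never appears in the process argument
# list, unlike a token interpolated straight into a command string.
set_scim_secrets() {
  sp_object_id=$1; tenant_url=$2; secret_token=$3
  body_file=$(mktemp)
  chmod 600 "$body_file"
  scim_secrets_body "$tenant_url" "$secret_token" > "$body_file"
  az rest --method PUT \
    --url "$(scim_secrets_url "$sp_object_id")" \
    --headers 'Content-Type=application/json' \
    --body @"$body_file"
  rm -f "$body_file"
}

# Usage (placeholder id): ./scim_secrets.sh run 00000000-0000-0000-0000-000000000000 \
#     https://scim.example.test/v2 "$SCIM_BEARER_TOKEN"
if [ "${1:-}" = "run" ]; then
  set_scim_secrets "$2" "$3" "$4"
fi
```

Invoking it from Terraform still leaves the token in the `null_resource` command and therefore in state, so prefer feeding it from an environment variable or a secret store rather than a plain `var.scim_bearer_token` in the command string.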