my organization has around 2000 applications which are required to be configured With Azure AD SSO and for that they need to be registered and allowed access to users on Azure AD.
I know how to do it manually, but is there any way to automate this whole process so that, I can register the application and grant users access they required?
thank you Dheeraj Kumar
See Question&Answers more detail:os
You can automate creation with Microsoft Graph API or Azure AD Graph API (though you should prefer MS Graph when possible). In this case since you have what is basically a batch scenario in your hands, I feel PowerShell might be a good option.
There is a PowerShell module for administering Azure AD:
First you sign in with
Connect-AzureAD
Then we can create an Application:
$app = New-AzureADApplication -DisplayName 'Created from PS' -IdentifierUris @('https://mytenant.onmicrosoft.com/PSTest1')
Then we need to create the service principal, this is normally done by the portal:
$sp = New-AzureADServicePrincipal -AppId $app.AppId -AppRoleAssignmentRequired $true
Note the AppRoleAssignmentRequired parameter.
Setting it to true will require users to be assigned to the app before they can login.
If you don't want that, just leave it out.
Now we can assign users.
You will need a user's ObjectId to assign them to the app.
You can use Get-AzureADUser in various ways to get the users you want to assign.
But the assignment can then be done like this:
New-AzureADUserAppRoleAssignment -Id '00000000-0000-0000-0000-000000000000' -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -ObjectId $user.ObjectId
If you had specified roles in your app for users, you could use the role's id instead of all zeros. All zeros translates to "Default access" in the portal.
