Forum Discussion

tcboeira
Brass Contributor
Aug 16, 2024

How to grant permissions on behalf of the organization Script

Hello everyone!

We generated a necessary Script to create the API/APP/Service Principal in Entra ID, and assign some delegated and application permissions.

However, I need to grant permission on behalf of the organization for these permissions, during the Script itself.

I have tried several times, in different ways, but all without success.

Does anyone know how this can be done? If it can be done? And could you help me with this?

Thank you all.
Best regards

  • tcboeira 

    Try this:

    Create the Service Principal and Assign Permissions:

    # Define the app registration details
    $appName = "YourAppName"
    $app = New-MgApplication -DisplayName $appName

    # Create a service principal for the app
    $sp = New-MgServicePrincipal -AppId $app.AppId

    # Define the delegated permissions (scopes) you need on Microsoft Graph
    $permissions = @(
        "User.Read",
        "Group.ReadWrite.All"
    )

    # The grant must point at the resource's service principal (Microsoft Graph),
    # found by its well-known appId, not at the new app's own AppId
    $graphAppId = "00000003-0000-0000-c000-000000000000"
    $graphSp = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"

    # Resolve each scope name to its Id on the resource, failing early on unknown names
    $resourceAccess = foreach ($perm in $permissions) {
        $scope = $graphSp.Oauth2PermissionScopes | Where-Object { $_.Value -eq $perm }
        if (-not $scope) { throw "Scope '$perm' does not exist on Microsoft Graph" }
        @{ Id = $scope.Id; Type = "Scope" }
    }

    # Declare the permissions on the app registration (what the portal lists under API permissions)
    Update-MgApplication -ApplicationId $app.Id -RequiredResourceAccess @(
        @{ ResourceAppId = $graphAppId; ResourceAccess = @($resourceAccess) }
    )

    Grant Admin Consent:

    # Grant admin consent for the permissions: one tenant-wide grant per client/resource pair.
    # The cmdlet is New-MgOauth2PermissionGrant; PrincipalId is omitted when ConsentType is AllPrincipals.
    $consent = New-MgOauth2PermissionGrant -ClientId $sp.Id -ConsentType "AllPrincipals" -ResourceId $graphSp.Id -Scope ($permissions -join " ")
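The question asks for consent on behalf of the organization for both delegated and application permissions in one script, and the reply above covers only delegated scopes. The following is an added example, not code from the thread or from Microsoft, written against the Microsoft Graph PowerShell SDK. It assumes the signed-in account holds a directory role entitled to grant tenant-wide consent, and the app name, scope names and role names are placeholders to replace. Delegated permissions become one oauth2PermissionGrant (re-run safe: an existing grant is merged rather than recreated, since a second create for the same client/resource pair fails with a conflict); application permissions are a different object entirely, an appRoleAssignment whose principal is the app's own service principal.

```powershell
# Added example (not from the thread): tenant-wide consent for delegated AND application
# permissions from a script. Assumes a consenting admin is signed in; names below are placeholders.

# The caller itself needs these scopes to register the app and write the grants
Connect-MgGraph -Scopes "Application.ReadWrite.All",
                        "DelegatedPermissionGrant.ReadWrite.All",
                        "AppRoleAssignment.ReadWrite.All"

$appName          = "YourAppName"                          # placeholder
$delegatedScopes  = @("User.Read", "Group.ReadWrite.All")  # delegated permissions (scopes)
$applicationRoles = @("Group.Read.All")                    # application permissions (app roles)

# Microsoft Graph's well-known appId; its service principal is the resource every grant points at
$graphAppId = "00000003-0000-0000-c000-000000000000"
$graphSp    = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"

# 1. Register the app and its service principal
$app = New-MgApplication -DisplayName $appName
$sp  = New-MgServicePrincipal -AppId $app.AppId

# 2. Resolve names to Ids on the resource and fail early on typos (a misspelled name
#    would otherwise surface only as a confusing error at grant time)
$scopeObjs = foreach ($s in $delegatedScopes) {
    $o = $graphSp.Oauth2PermissionScopes | Where-Object { $_.Value -eq $s }
    if (-not $o) { throw "Delegated scope '$s' not found on Microsoft Graph" }
    $o
}
$roleObjs = foreach ($r in $applicationRoles) {
    $o = $graphSp.AppRoles | Where-Object { $_.Value -eq $r -and $_.AllowedMemberTypes -contains "Application" }
    if (-not $o) { throw "Application role '$r' not found on Microsoft Graph" }
    $o
}

# 3. Declare both kinds on the app registration so they appear under "API permissions"
$resourceAccess = @($scopeObjs | ForEach-Object { @{ Id = $_.Id; Type = "Scope" } }) +
                  @($roleObjs  | ForEach-Object { @{ Id = $_.Id; Type = "Role"  } })
Update-MgApplication -ApplicationId $app.Id -RequiredResourceAccess @(
    @{ ResourceAppId = $graphAppId; ResourceAccess = $resourceAccess }
)

# 4. Delegated permissions: one oauth2PermissionGrant per client/resource pair.
#    ConsentType AllPrincipals is "on behalf of the organization"; PrincipalId is omitted.
$existing = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)' and resourceId eq '$($graphSp.Id)'"
if ($existing) {
    # Re-running the script: merge scopes into the existing grant instead of failing on conflict
    $merged = ((($existing.Scope -split " ") + $delegatedScopes) | Sort-Object -Unique) -join " "
    Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId $existing.Id -Scope $merged
} else {
    New-MgOauth2PermissionGrant -ClientId $sp.Id -ConsentType "AllPrincipals" `
        -ResourceId $graphSp.Id -Scope ($delegatedScopes -join " ") | Out-Null
}

# 5. Application permissions are not scopes: each is an appRoleAssignment granted to the
#    app's own service principal as the principal. Skip roles already assigned.
foreach ($role in $roleObjs) {
    $already = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
               Where-Object { $_.AppRoleId -eq $role.Id -and $_.ResourceId -eq $graphSp.Id }
    if (-not $already) {
        New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id `
            -ResourceId $graphSp.Id -AppRoleId $role.Id | Out-Null
    }
}

# 6. Verify what the tenant now holds for this client (also what an auditor would review)
Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" | Select-Object ConsentType, Scope
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id | Select-Object AppRoleId, ResourceDisplayName
```

Two points worth keeping in mind when running this. An AllPrincipals grant applies to every user in the tenant, so the scope list should be the minimum the app needs, and each grant and app role assignment is recorded in the Entra audit log, which is where to look if a run fails part-way or if you later need to prove what was consented and by whom. A just-created service principal can take a few seconds to replicate; if step 4 or 5 reports the client as not found, re-run the script and the idempotent checks will pick up where it stopped.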
