Forum Discussion
How to grant permissions on behalf of the organization Script
Hello everyone!
We generated the necessary script to create the API/App/Service Principal in Entra ID and assign some delegated and application permissions.
However, I need to grant permission on behalf of the organization for these permissions during the script itself.
I have tried several times, in different ways, but all without success.
Does anyone know how this can be done? If it can be done? And could you help me with this?
Thank you all.
Best regards
Try this:
Create the Service Principal and Assign Permissions:
# Connect with the scopes needed to create the app and to write consent grants
Connect-MgGraph -Scopes "Application.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All"
# Define the app registration details
$appName = "YourAppName"
$app = New-MgApplication -DisplayName $appName

# Create a service principal for the app
$sp = New-MgServicePrincipal -AppId $app.AppId

# Define the delegated permissions (scopes) you need on Microsoft Graph
$permissions = @(
    "User.Read",
    "Group.ReadWrite.All"
)
# Look up the Microsoft Graph service principal in this tenant (well-known appId)
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

# Assign the permissions to the app registration (the "API permissions" list in the portal)
$resourceAccess = foreach ($perm in $permissions) {
    $scope = $graphSp.Oauth2PermissionScopes | Where-Object { $_.Value -eq $perm }
    @{ Id = $scope.Id; Type = "Scope" }
}
Update-MgApplication -ApplicationId $app.Id -RequiredResourceAccess @(
    @{ ResourceAppId = $graphSp.AppId; ResourceAccess = @($resourceAccess) }
)
Grant Admin Consent:
# Grant admin consent: exactly one grant per client/resource pair, with all scopes space-separated.
# ResourceId is the Graph service principal's object id (not the app's AppId); PrincipalId is omitted for AllPrincipals.
$consent = New-MgOauth2PermissionGrant -ClientId $sp.Id -ConsentType "AllPrincipals" -ResourceId $graphSp.Id -Scope ($permissions -join " ")
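The answer above covers delegated permissions only, while the question also asks about application permissions. For those, tenant-wide admin consent is not an OAuth2 permission grant but an app role assignment on the client service principal. The following is an added example (not from the original answer or its author) using the Microsoft Graph PowerShell SDK; it assumes the Microsoft.Graph module is installed, that `$clientAppId` is replaced with the real appId of the app registration, and the `$appRoles` list is a constructed placeholder. It finishes by listing what the tenant has actually consented to for the client, so the script's result can be reviewed against the intended least-privilege list instead of assumed.

```powershell
# Assumed inputs (placeholders, not taken from the thread): the client app's appId and the
# application permissions (app roles) it needs on Microsoft Graph. Keep this list minimal:
# application permissions run without a signed-in user, so every role here is standing access.
$clientAppId = "<your-app-client-id>"
$appRoles    = @("Group.Read.All")

# Scopes needed to read service principals and write app role assignments
Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All"

$sp      = Get-MgServicePrincipal -Filter "appId eq '$clientAppId'"
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
if (-not $sp)      { throw "No service principal found for appId $clientAppId" }
if (-not $graphSp) { throw "Microsoft Graph service principal not found in this tenant" }

# For application permissions the admin consent IS the app role assignment: the client SP
# (PrincipalId) is assigned a role exposed by the resource SP (ResourceId). Only roles whose
# AllowedMemberTypes include "Application" are valid for a service principal.
foreach ($roleValue in $appRoles) {
    $role = $graphSp.AppRoles | Where-Object {
        $_.Value -eq $roleValue -and $_.AllowedMemberTypes -contains "Application"
    }
    if (-not $role) { throw "App role '$roleValue' not found on Microsoft Graph" }

    # Idempotent: skip roles the client already holds on this resource
    $existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
        Where-Object { $_.AppRoleId -eq $role.Id -and $_.ResourceId -eq $graphSp.Id }
    if ($existing) {
        Write-Host "Already assigned: $roleValue"
        continue
    }

    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id `
        -PrincipalId $sp.Id -ResourceId $graphSp.Id -AppRoleId $role.Id | Out-Null
    Write-Host "Assigned application permission: $roleValue"
}

# Report the effective consent for this client so it can be checked against what was intended.
Write-Host "Application permissions (app role assignments on Microsoft Graph):"
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
    Where-Object { $_.ResourceId -eq $graphSp.Id } |
    ForEach-Object {
        $assignment = $_
        $r = $graphSp.AppRoles | Where-Object { $_.Id -eq $assignment.AppRoleId }
        Write-Host "  $($r.Value)"
    }

Write-Host "Delegated permissions (OAuth2 permission grants for this client):"
Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" | ForEach-Object {
    Write-Host "  consentType=$($_.ConsentType) scope=$($_.Scope)"
}
```

Run it as a user who holds a role allowed to grant tenant-wide consent (for example Privileged Role Administrator or Global Administrator); with lesser roles the `New-MgServicePrincipalAppRoleAssignment` call is rejected. The final two listings are the same data the portal shows under "API permissions" with the "Granted for" column, which makes the script's output easy to compare with a change request.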