Forum Discussion
How to grant permissions on behalf of the organization Script
Try this:
Create the Service Principal and Assign Permissions:
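# Requires the Microsoft.Graph PowerShell module and a session allowed to create apps and grant consent
Connect-MgGraph -Scopes "Application.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All"
# Define the app registration details
$appName = "YourAppName"
$app = New-MgApplication -DisplayName $appName
# Create a service principal for the app
$sp = New-MgServicePrincipal -AppId $app.AppId
# Define the permissions you need
$permissions = @(
    "User.Read",
    "Group.ReadWrite.All"
)
# Microsoft Graph is the resource API that exposes these delegated scopes
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
# Assign the permissions to the app registration (required resource access)
$resourceAccess = foreach ($perm in $permissions) {
    $scope = $graphSp.Oauth2PermissionScopes | Where-Object { $_.Value -eq $perm }
    if (-not $scope) { throw "Delegated scope '$perm' is not exposed by Microsoft Graph" }
    @{ Id = $scope.Id; Type = "Scope" }
}
Update-MgApplication -ApplicationId $app.Id -RequiredResourceAccess @(
    @{ ResourceAppId = $graphSp.AppId; ResourceAccess = @($resourceAccess) }
)
Grant Admin Consent:
# Grant admin consent for the permissions
# ResourceId must be the object ID of the Microsoft Graph service principal, not the app's AppId
$consent = New-MgOauth2PermissionGrant -ClientId $sp.Id -ConsentType "AllPrincipals" -ResourceId $graphSp.Id -Scope ($permissions -join " ")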
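A grant created with ConsentType "AllPrincipals" lets the app act for every user in the tenant, so it is worth reviewing which grants of that kind exist and which scopes they carry. The following is an added example, not part of the original post: the function name Find-TenantWideGrant, the pattern list and the sample IDs are assumptions made for illustration, and the input objects have the shape returned by Get-MgOauth2PermissionGrant.

```powershell
# Added example: flag tenant-wide delegated grants that carry high-impact scopes.
function Find-TenantWideGrant {
    param(
        [Parameter(Mandatory)] [object[]] $Grant,
        # Assumption: scope name patterns this tenant treats as high impact
        [string[]] $HighImpactPattern = @('*.ReadWrite.All', 'Directory.*', 'Mail.*', 'Files.*')
    )
    foreach ($g in $Grant) {
        # Only AllPrincipals grants apply to every user in the tenant
        if ($g.ConsentType -ne 'AllPrincipals') { continue }
        # Scope is a single space-separated string
        $scopes = @($g.Scope -split '\s+' | Where-Object { $_ })
        $flagged = @(foreach ($s in $scopes) {
            if ($HighImpactPattern | Where-Object { $s -like $_ }) { $s }
        })
        [pscustomobject]@{
            ClientId    = $g.ClientId
            ResourceId  = $g.ResourceId
            Scopes      = $scopes
            HighImpact  = $flagged
            NeedsReview = $flagged.Count -gt 0
        }
    }
}

# Constructed sample data (placeholder IDs, not from a real tenant)
$sample = @(
    [pscustomobject]@{ ClientId = 'client-object-id-1'; ConsentType = 'AllPrincipals'
                       PrincipalId = $null; ResourceId = 'graph-sp-object-id'
                       Scope = 'User.Read Group.ReadWrite.All' }
    [pscustomobject]@{ ClientId = 'client-object-id-2'; ConsentType = 'Principal'
                       PrincipalId = 'user-object-id'; ResourceId = 'graph-sp-object-id'
                       Scope = 'User.Read' }
)
# Reports only the first grant, with Group.ReadWrite.All marked as high impact
Find-TenantWideGrant -Grant $sample | Format-List

# Against a live tenant (read-only):
# Find-TenantWideGrant -Grant (Get-MgOauth2PermissionGrant -All)
```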