Sagar_Lad
Brass Contributor
May 15, 2020
Solved

Change User Assignment required to Yes using PowerShell/Azure CLI for enterprise application

Hi Team,

I would like to enable User Assignment required to Yes using PowerShell/Azure CLI for enterprise application.

Could you suggest how I can enable it?

Thank You.

3 Replies

  • Joe Stocker
    Bronze Contributor
    Not sure if anything exists but two options:
    1. Use "csvde" to dump both directories to file then use vlookup in Excel to look for matches
    2. Let AAD Sync attempt the sync, then use PowerShell to query FIM's metaverse for conflicts:
    https://blog.kloud.com.au/2016/07/28/simple-reporting-from-the-fimmim-metaverse-to-powerbi-using-the-lithnet-fimmim-sync-service-powershell-module/
  • Joe Stocker
    Bronze Contributor
    You can use PowerShell to set the appRoleAssignmentRequired property on the service principal.
    Reference: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-access-management#requiring-user-assignment-for-an-app

    # Get current value first
    Get-AzureADServicePrincipal -Filter "displayname eq 'My Test App'" | Select-Object DisplayName, AppRoleAssignmentRequired
    # Change value to yes
    Get-AzureADServicePrincipal -Filter "displayname eq 'My Test App'" | Set-AzureADServicePrincipal -AppRoleAssignmentRequired $true
    # Confirm the value changed
    Get-AzureADServicePrincipal -Filter "displayname eq 'My Test App'" | Select-Object DisplayName, AppRoleAssignmentRequired

    If this helped you, please mark as best answer. Thank you.
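
The following is an added example, not part of the reply above: it wraps the same cmdlets in a function that refuses to act when the display-name filter matches zero or several service principals, and lists the current assignments before the change so you can see who keeps access. It assumes the AzureAD module is installed and `Connect-AzureAD` has already been run; `Set-AssignmentRequired` is a hypothetical helper name and 'My Test App' is the placeholder name from the thread.

```powershell
# Added example. Assumes: AzureAD module loaded, Connect-AzureAD already run.
# Set-AssignmentRequired is a hypothetical helper name, not a module cmdlet.
function Set-AssignmentRequired {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$DisplayName
    )

    # Escape single quotes so the name cannot break out of the OData filter string.
    $escaped = $DisplayName -replace "'", "''"
    $found = @(Get-AzureADServicePrincipal -Filter "displayName eq '$escaped'")

    # Display names are not unique; piping a multi-match result into
    # Set-AzureADServicePrincipal would change every matching app.
    if ($found.Count -ne 1) {
        throw "Expected exactly one service principal named '$DisplayName', found $($found.Count)."
    }
    $sp = $found[0]

    if ($sp.AppRoleAssignmentRequired) {
        Write-Verbose "Assignment is already required for '$($sp.DisplayName)'."
        return $sp | Select-Object DisplayName, ObjectId, AppRoleAssignmentRequired
    }

    # Users and groups listed here stay able to sign in once assignment is
    # required; anyone not assigned will be blocked at sign-in.
    $assigned = @(Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true)
    Write-Host "$($assigned.Count) existing assignment(s) on '$($sp.DisplayName)':"
    $assigned | Select-Object PrincipalDisplayName, PrincipalType | Format-Table | Out-Host

    # Target the object by ObjectId rather than by name for the actual change.
    if ($PSCmdlet.ShouldProcess($sp.DisplayName, 'Set AppRoleAssignmentRequired to $true')) {
        Set-AzureADServicePrincipal -ObjectId $sp.ObjectId -AppRoleAssignmentRequired $true
    }

    # Read the value back from the directory to confirm the result.
    Get-AzureADServicePrincipal -ObjectId $sp.ObjectId |
        Select-Object DisplayName, ObjectId, AppRoleAssignmentRequired
}

# Dry run first; remove -WhatIf to apply the change.
Set-AssignmentRequired -DisplayName 'My Test App' -WhatIf
```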
