Jul 20 2022 03:27 AM
Hello,
I hope someone can help with this problem. I have a registered application (let's call it TESTApp3).
I make an Azure AD connection using this application
Connect-AzureAD -TenantId $tenant -CertificateThumbprint $thumb -ApplicationId $applicationID
And I get connected fine. What I need to do is assign users to another application (let's call it TESTApp2) using the connection made by TESTApp3. I also need it scoped to work only on TESTApp2!
What commands do I use? Any help would be magnificent!!
/A
Jul 22 2022 01:06 PM
I was using this script for the same kind of task; it might be useful for you.
Hint: make sure TESTApp3 has permissions to read all the groups and users.
#version 1.0
Connect-AzureAD -TenantId XXXXX -CertificateThumbprint XXXXXX -ApplicationId XXXX
# Service principal of the target enterprise application (the AWS single sign-on app)
$awseaid = Get-AzureADServicePrincipal -ObjectId "xxxxxx"
# The app role the groups should be assigned to
$appRole = $awseaid.AppRoles | Where-Object { $_.DisplayName -eq "User" }
# Candidate groups: every AWS* group except the *root ones
$awsgroups = Get-AzureADGroup -All $true | Where-Object { ($_.DisplayName -like "AWS*") -and ($_.DisplayName -notlike "*root") }
# Existing assignments on the target app; -All avoids the default page size truncating the list
$awseagroups = Get-AzureADServiceAppRoleAssignment -ObjectId $awseaid.ObjectId -All $true
if ($awseagroups.Count -ne $awsgroups.Count) {
    foreach ($awsgroup in $awsgroups) {
        #Write-Output $awsgroup.DisplayName
        # Match on the resource's object id rather than its display name, which is neither unique nor stable
        $assignment = Get-AzureADGroupAppRoleAssignment -ObjectId $awsgroup.ObjectId -All $true | Where-Object { $_.ResourceId -eq $awseaid.ObjectId }
        if (-not $assignment) {
            Write-Output "adding $($awsgroup.DisplayName) to aws enterprise application"
            # The principal is a group, so use the group variant of the cmdlet
            New-AzureADGroupAppRoleAssignment -ObjectId $awsgroup.ObjectId -PrincipalId $awsgroup.ObjectId -ResourceId $awseaid.ObjectId -Id $appRole.Id
        }
    }
}
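The reply above assigns groups; the original question asks about assigning users to a single target application (TESTApp2) over an app-only connection made as TESTApp3. The script below is an added example written for this page, not code from either poster. It assumes the same AzureAD module, a certificate-based app-only connection, an app role named "User" on TESTApp2, and that you pass TESTApp2's Application (client) ID and a list of UPNs; all of those values are placeholders. The Graph application permission this needs (AppRoleAssignment.ReadWrite.All) is tenant-wide and cannot be limited to one resource application, so the "only TESTApp2" scoping has to be enforced in the script: the target is resolved by its pinned appId, never by display name, and the script fails closed if the lookup is ambiguous.

```powershell
# Added example: assign users to one app role of one target enterprise application
# using an app-only AzureAD connection. All GUIDs, UPNs and the role name are assumed inputs.
param(
    [Parameter(Mandatory)] [string] $TenantId,
    [Parameter(Mandatory)] [string] $ClientAppId,            # TESTApp3, the calling application
    [Parameter(Mandatory)] [string] $CertificateThumbprint,
    [Parameter(Mandatory)] [string] $TargetAppId,            # TESTApp2's Application (client) ID, pinned on purpose
    [Parameter(Mandatory)] [string[]] $UserPrincipalNames,
    [string] $RoleDisplayName = 'User'
)

Connect-AzureAD -TenantId $TenantId -ApplicationId $ClientAppId -CertificateThumbprint $CertificateThumbprint | Out-Null

# Resolve the target by appId. Display names are not unique and anyone who can register an
# application can create a look-alike, so a name lookup could silently pick the wrong principal.
$targetSp = @(Get-AzureADServicePrincipal -Filter "appId eq '$TargetAppId'")
if ($targetSp.Count -ne 1) {
    throw "Expected exactly one service principal with appId $TargetAppId, found $($targetSp.Count)"
}
$targetSp = $targetSp[0]

# Pick the enabled app role by name and refuse to continue if it is missing or ambiguous.
$appRole = @($targetSp.AppRoles | Where-Object { $_.DisplayName -eq $RoleDisplayName -and $_.IsEnabled })
if ($appRole.Count -ne 1) {
    throw "Role '$RoleDisplayName' not found (or not unique) on $($targetSp.DisplayName)"
}
$appRole = $appRole[0]

# Existing assignments on the resource side; -All avoids the default page size truncating the list.
$existing = Get-AzureADServiceAppRoleAssignment -ObjectId $targetSp.ObjectId -All $true
$alreadyAssigned = @{}
foreach ($a in $existing) {
    if ($a.Id -eq $appRole.Id) { $alreadyAssigned[$a.PrincipalId] = $true }
}

foreach ($upn in $UserPrincipalNames) {
    # Single quotes inside an OData filter are escaped by doubling them.
    $safeUpn = $upn -replace "'", "''"
    $user = Get-AzureADUser -Filter "userPrincipalName eq '$safeUpn'"
    if (-not $user) {
        Write-Warning "User $upn not found, skipping"
        continue
    }
    if ($alreadyAssigned.ContainsKey($user.ObjectId)) {
        Write-Output "$upn already holds role '$RoleDisplayName' on $($targetSp.DisplayName)"
        continue
    }
    Write-Output "Assigning $upn to role '$RoleDisplayName' on $($targetSp.DisplayName)"
    # -ResourceId is the target service principal, -Id is the app role id on that principal.
    New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId `
        -PrincipalId $user.ObjectId `
        -ResourceId $targetSp.ObjectId `
        -Id $appRole.Id | Out-Null
}
```

Run it as a .ps1 with the five mandatory parameters; it is idempotent, so re-running only adds users that do not yet hold the role. Grant TESTApp3 AppRoleAssignment.ReadWrite.All plus a read permission for users (User.Read.All is enough), and do not reach for Directory.ReadWrite.All, which would let the same certificate change far more than app role assignments. Note that Microsoft has since deprecated the AzureAD module; the Microsoft Graph PowerShell equivalents are Get-MgServicePrincipalAppRoleAssignedTo and New-MgServicePrincipalAppRoleAssignedTo, with the same appId-pinning logic applying unchanged.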
Jul 22 2022 11:16 PM