Can Graph API expose Azure Applications SSO settings?



 Aug 12 2021

I'm tasked with moving app authentication from ADFS to Azure, in an environment that has hundreds of existing Azure application definitions. So I need to make an inventory to see what I'm dealing with. This inventory aims at SSO settings.

Currently it's impossible to directly find out what SSO settings an Enterprise App (and/or its Service Principal) has. The best thing I can do is combine tags with properties and draw rough, inaccurate conclusions.

Ideally add it to or maybe the same approach on how Azure App Proxy settings are accessible, in a separate "sso" resource.


Details I look for:

  • a boolean for "User Assignment required" switch
  • "Users and Groups" (also mentioned in other suggestions)
  • Type Of SSO (SAML/Linked/PWD-based/Header-based/WIA/HandledBySP)
  • read SAML claim rules for applications
  • read "Sign on URL" for SAML config
  • Expose OAuth2 details for the Service Principal