Can Graph API expose Azure Applications SSO settings?

 Aug 12 2021

I'm tasked to move app authentication from ADFS to Azure, in an environment that has hundreds of existing Azure application definitions. So I need to make an inventory to see what I'm dealing with. This inventory aims at SSO settings.

Currently it's impossible to directly find out what SSO settings an Enterprise App (and/or its Service Principal) has. The best thing I can do is combine tags with properties and draw rough, inaccurate conclusions.

Ideally add it to https://graph.microsoft.com/v1.0/applications/ or maybe the same approach on how Azure App Proxy settings are accessible, in a separate "sso" resource.

 

Details I look for:

  • a boolean for "User Assignment required" switch
  • "Users and Groups" (also mentioned in other suggestions)
  • Type Of SSO (SAML/Linked/PWD-based/Header-based/WIA/HandledBySP)
  • read SAML claim rules for applications
  • read "Sign on URL" for SAML config 
  • Expose OAuth2 details for the Service Principal

Cheers,

Sander