Forum Discussion
PowerShell for App creation and permissions in Azure AD
Hi,
I've been working on scripting ways to create applications on the fly and apply group permisisons, but I'm a bit stuck.
What I'm doing is creating an app for a Sharepoint Online site, adding users to a group then trying to add the group to have access to the app.
For App creation if I use this command:
New-AzureRmADApplication -DisplayName "ABC -HomePage "https://URLGOESHERE -IdentifierUris "URLGOESHERE"
When I do that, the app doesn't have the option via Azure AD GUI to turn "User assignment required to access app" off or on as it's greyed out, and if I try to make a change via the GUI it gives a generic error.
So, if I create the app manually.. how do I give a group permission to the app?
I found this: https://social.msdn.microsoft.com/Forums/en-US/de3c56e2-9010-463c-9bbd-faf70069cd26/azure-ad-manage-users-with-powershell?forum=WindowsAzureAD
but when I try that, I get this error:
New-AzureADUserAppRoleAssignment : Error occurred while executing NewUserAppRoleAssignment
StatusCode: BadRequest
ErrorCode: Request_BadRequest
Message: One or more properties are invalid.
I'm stuck now, so wondering if anyone has successfully done this, or can point me in the right direction?
Ended up working out how to do this, here's my writeup for anyone else interested:
https://www.adamfowlerit.com/2017/01/azure-active-directory-assigning-groups-applications-powershell/
6 Replies
Ended up working out how to do this, here's my writeup for anyone else interested:
https://www.adamfowlerit.com/2017/01/azure-active-directory-assigning-groups-applications-powershell/
- DaniMartMS
Microsoft
Hey Adam, you`re more than welcome to post here! Glad to see you worked this out and shared the resolution for others that may have the same issue. You`re a hero ;)
I would recommend asking this question in the SharePoint Developers space, some of the people from the PnP team may be able to answer this type of question.
Hi Dean,
This doesn't really have anything to do with SharePoint Online though, it just happens to be the URL destination of the app I'm adding. Could be anything and the same applies.
Well, it may not be a SPO issue, but the community space at https://techcommunity.microsoft.com/t5/SharePoint-Developer/bd-p/SharePointDev has a lot more activity than this one, and the people in that Space are really smart and always helpful.
