Azure ad app - Updating manifest programmatically

你的背包 2020-12-19 08:38

I am trying to find a way to update an Azure AD registered app's manifest via PowerShell, utilizing a JSON file.

The JSON file contains all of the app roles, and i

3 answers
  • 2020-12-19 09:15

    Yes you can update the Azure AD Application's manifest through PowerShell.

    Specifically to add App Roles, here's a PowerShell script.

    In case you're trying to do this while creating a new application, just use New-AzureADApplication instead of Set-AzureADApplication.

    Connect-AzureAD -TenantId "<Tenant GUID>"
    
    # Create an application role of given name and description
    Function CreateAppRole([string] $Name, [string] $Description)
    {
        $appRole = New-Object Microsoft.Open.AzureAD.Model.AppRole
        # Who may be assigned the role: "User" (users/groups) and/or "Application" (service principals)
        $appRole.AllowedMemberTypes = New-Object System.Collections.Generic.List[string]
        $appRole.AllowedMemberTypes.Add("User")
        $appRole.DisplayName = $Name
        $appRole.Id = New-Guid            # every app role needs a unique GUID
        $appRole.IsEnabled = $true
        $appRole.Description = $Description
        $appRole.Value = $Name            # the claim value that ends up in the token's "roles" claim
        return $appRole
    }
    
    # ObjectId for application from App Registrations in your AzureAD
    $appObjectId = "<Your Application Object Id>"
    $app = Get-AzureADApplication -ObjectId $appObjectId
    $appRoles = $app.AppRoles
    Write-Host "App Roles before addition of new role.."
    Write-Host $appRoles
    
    $newRole = CreateAppRole -Name "MyNewApplicationRole" -Description "This is my new Application Role"
    $appRoles.Add($newRole)
    
    # Write the full list back; AppRoles is replaced as a whole, not merged
    Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $appRoles
    
  • 2020-12-19 09:17

    Keep in mind that the "manifest", as displayed in the Azure AD portal, is nothing more than a lightly-constrained representation of the Application object, as exposed by the Azure AD Graph API: https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#application-entity

    Azure AD PowerShell (the AzureAD module) is just a simple wrapper around the same API. New-AzureADApplication does a POST on /applications, Get-AzureADApplication does a GET, Set-AzureADApplication does a PATCH, and Remove-AzureADApplication does a DELETE.

    So, keeping that in mind, consider the following input file app-roles.json:

    [
        {
            "allowedMemberTypes": [ "Application" ],
            "description": "Read some things in the My App service",
            "displayName": "Read some things",
            "id": "b2b2e6de-bb42-41b4-92db-fda89218b5ae",
            "isEnabled": true,
            "value": "Things.Read.Some"
        },
        {
            "allowedMemberTypes": [ "User" ],
            "description": "Super admin role for My App",
            "displayName": "My App Super Admin",
            "id": "a01eca9b-0c55-411d-aa5f-d8cfdbadf500",
            "isEnabled": true,
            "value": "super_admin"
        }
    ]
    

    You could use the following script to set those app roles on an app (note this will remove any existing app roles, which will cause an error if they weren't previously disabled):

    $appId = "{app-id}"
    $pathToAppRolesJson = "app-roles.json"
    
    # Read all desired app roles from JSON file
    $appRolesFromJson = Get-Content -Path $pathToAppRolesJson -Raw | ConvertFrom-Json
    
    # Build a new list of Azure AD PowerShell AppRole objects
    $appRolesForApp = @()
    $appRolesFromJson | ForEach-Object {
    
        # Create new Azure AD PowerShell AppRole object for each app role
        $appRole = New-Object "Microsoft.Open.AzureAD.Model.AppRole"
        $appRole.AllowedMemberTypes = $_.allowedMemberTypes
        $appRole.Description = $_.description
        $appRole.DisplayName = $_.displayName
        $appRole.Id = $_.id
        $appRole.IsEnabled = $_.isEnabled
        $appRole.Value = $_.value
    
        # Add to the list of app roles
        $appRolesForApp += $appRole
    }
    
    # Update the Application object with the new list of app roles
    $app = Get-AzureADApplication -Filter ("appId eq '{0}'" -f $appId)
    Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $appRolesForApp
    
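The second answer's caveat (the write replaces the whole AppRoles list, and Azure AD refuses to drop a role that is still enabled) is the part that bites in practice. The following script is an added example, not code from either answer above: it reads the same app-roles.json shape, validates every entry before anything is written (GUID ids, boolean isEnabled, known allowedMemberTypes, no duplicate ids or values), disables roles that are no longer in the file on a first write, then writes exactly the file's roles on a second. It assumes the AzureAD module and an existing Connect-AzureAD session; the function name ConvertTo-AppRole, the parameter names and the script file name in the usage note are my own choices.

```powershell
# Added example: apply app roles from a JSON file to an existing app registration,
# disabling retired roles before removing them. Assumes the AzureAD module is loaded
# and Connect-AzureAD has already been run. Not part of the original answers.
param(
    [Parameter(Mandatory)] [string] $AppId,               # application (client) id of the app registration
    [Parameter(Mandatory)] [string] $PathToAppRolesJson,  # same layout as app-roles.json above
    [switch] $WhatIf                                      # print the resulting role set, write nothing
)

$validMemberTypes = @('User', 'Application')

function ConvertTo-AppRole {
    # Hypothetical helper: turn one JSON entry into an AppRole object, rejecting bad input first.
    param([object] $Json)
    $name = $Json.displayName
    if (-not ($Json.id -as [guid]))                 { throw "Role '$name': id is not a GUID" }
    if ([string]::IsNullOrWhiteSpace($Json.value))  { throw "Role '$name': value is empty" }
    if ($Json.isEnabled -isnot [bool])              { throw "Role '$name': isEnabled must be a JSON boolean, not a string" }
    foreach ($t in @($Json.allowedMemberTypes)) {
        if ($t -notin $validMemberTypes) { throw "Role '$name': unknown allowedMemberTypes value '$t'" }
    }
    $role = New-Object Microsoft.Open.AzureAD.Model.AppRole
    $role.AllowedMemberTypes = New-Object System.Collections.Generic.List[string]
    foreach ($t in @($Json.allowedMemberTypes)) { $role.AllowedMemberTypes.Add($t) }
    $role.Description = $Json.description
    $role.DisplayName = $name
    $role.Id          = [guid] $Json.id
    $role.IsEnabled   = $Json.isEnabled
    $role.Value       = $Json.value
    return $role
}

$desired = @(Get-Content -Path $PathToAppRolesJson -Raw | ConvertFrom-Json | ForEach-Object { ConvertTo-AppRole $_ })

# The directory rejects duplicate ids or values; fail locally with a readable message instead.
foreach ($prop in 'Id', 'Value') {
    $dupes = $desired | Group-Object -Property $prop | Where-Object Count -gt 1
    if ($dupes) { throw "Duplicate app role $prop found: $($dupes.Name -join ', ')" }
}

$app = Get-AzureADApplication -Filter ("appId eq '{0}'" -f $AppId)
if (-not $app) { throw "No application with appId $AppId" }

$desiredIds = @($desired | ForEach-Object { $_.Id })
$current    = @($app.AppRoles)

# Pass 1: roles that are still wanted take their new definition; roles that are no
# longer wanted but still enabled are carried along disabled, so pass 2 may remove them.
$toRetire = @($current | Where-Object { $_.Id -notin $desiredIds -and $_.IsEnabled })
if ($toRetire.Count -gt 0) {
    $pass1 = New-Object 'System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AppRole]'
    foreach ($r in $current) {
        if ($r.Id -in $desiredIds) { continue }   # superseded by the JSON definition
        $r.IsEnabled = $false                     # must be disabled before it can be dropped
        $pass1.Add($r)
    }
    foreach ($r in $desired) { $pass1.Add($r) }
    Write-Host ("Disabling {0} role(s) no longer in JSON: {1}" -f $toRetire.Count, (($toRetire | ForEach-Object { $_.Value }) -join ', '))
    if (-not $WhatIf) { Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $pass1 }
}

# Pass 2: the app ends up with exactly the roles from the file.
$final = New-Object 'System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AppRole]'
foreach ($r in $desired) { $final.Add($r) }
Write-Host "Resulting app roles:"
$final | Format-Table Value, DisplayName, IsEnabled, @{ n = 'MemberTypes'; e = { $_.AllowedMemberTypes -join ',' } }
if (-not $WhatIf) { Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $final }
```

Run it first with -WhatIf (for example `.\Set-AppRoles.ps1 -AppId "<app id>" -PathToAppRolesJson app-roles.json -WhatIf`) to see which roles would be disabled and what the final list looks like before anything is written. The validation deliberately rejects `"isEnabled": "true"` as a string, since the third answer's manifest.json uses that form; change it to a bare `true` if you reuse that file here.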
  • Azure Client command

    az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --app-roles @manifest.json
    

    manifest.json

    [{
        "allowedMemberTypes": [
          "User"
        ],
        "description": "Approvers can mark documents as approved",
        "displayName": "Approver",
        "isEnabled": "true",
        "value": "approver"
    }]
    

    More info in the Azure CLI documentation.
