How to set properties of Azure Active Directory service principal from code?
I have created AAD application from gallery. There is one in app registrations section and one in enterprise applications. App registrations application points to the enterprise app (managed application in local directory).
I want to configure SAML SSO for the enterprise app. There are a few required properties which have to be set.
I am able to set Sign on URL (using graph api), but I cannot set Identifier (Entity ID) and Reply URL. I thought that this will do the job:
Set-AzureADApplication -ObjectId <id of app from App registrations>
-IdentifierUris $Identifiers -ReplyUrls $ReplyUrls
but the enterprise app is untouched. Also Set-AzureADServicePrincipal doesn't seem to work for me.
There are no errors. Nothing changed on the portal after refresh. I am connected to correct tenant and have fresh modules installed.
I tried also with RM: Update-AzureRmADApplication, Set-AzureRmADApplication, Set-AzureRmADServicePrincipal, Update-AzureRmADServicePrincipal.
I also couldn't find a working graph api.
Is there a way to do this from code? Maybe I am just doing something wrong and it's working for you? I would be grateful for some help. Thanks
but enterprise app is untouched.
Actually, the enterprise has been affected, we could check it via Microsoft Graph after using Set-AzureADApplication, it just not appear in the portal, may be a bug, I am not sure.
$Identifiers = @(
"http://www.tableau.com/products/server",
"https://azure.idtest.link"
)
$ReplyUrls = @(
"https://azure.rptest.link/wg/saml/SSO/index.html"
)
Set-AzureADApplication -ObjectId <object-id of the AD App> -IdentifierUris $Identifiers -ReplyUrls $ReplyUrls
If we set them in the portal at first time, then run the commands again, you will find it works.
And it looks there is no way to set the Default Reply URL via powrshell or API, if we set the Reply URL which is different from the one set manually in the portal, it will have a prompt like below.
But if we look into it, actually the Default option is checked.
Update:
Eventually, I find the trick, it is not a bug, we just need to set the preferredSingleSignOnMode for the service principal first via Microsoft Graph, then we won't need to configure that in the portal manually.
Sample:
PATCH https://graph.microsoft.com/beta/servicePrincipals/<object-id of the service principal>
{
"preferredSingleSignOnMode":"saml",
"loginUrl": "https://azure.signtest.link"
}
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday