azure-cliazure-service-principal
Adding a Groups Claim to a Service Principal via Azure CLI
It is obvious how to create a Service Principal (App Registration) via Azure CLI:
az ad sp create-for-rbac -n "My Service Principal" --scopes /subscriptions/the-subscription-guid
From the Azure Portal, you can add a Claims Group to the generated service principal, as such:
How can I add this via the Azure CLI at the time of creation of principal or after creating it? I did not find the documentation to do so.
Solution
For a service principal, you can add an optional claim and group claims as follows:
Using command:
az ad app create --display-name "xxx" --optional-claims @manifest.json
Output:
Group Claim:
myjson file:
{
"groupMembershipClaims": "SecurityGroup",
"optionalClaims": {
"saml2Token": [
{
"name": "groups",
"essential": false,
"additionalProperties": []
]
}
],
"idToken": [
{
"name": "groups",
"essential": false
}
]
}
}
Use below Az CLI command:
az ad app update --id "<AppID>" --set groupMembershipClaims=All
Refer MsDoc
- How to get project iterations through the Azure API
- Is it possible to have a non-interactive code that logs in to Azure and creates users in Microsoft Entra ID?
- Azure ML: Unable to find workspace
- Redeploy .NET Aspire project after resource cleanup
- Updating Azure Container app Startup Probe using CLI is not working
- Get connectionString value from az storage account show in github action
- Azure VM run-commands freeze and hang and starts to block DevOps pipeline from running new run-commands on VM with Azure CLI
- Unable to deploy a python application from az cli
- az cli : create container app via yaml fail due to parsing to json
- Cannot assign Azure Role for cosmos db
- az role assignment delete: The request did not have a subscription or a valid tenant level resource provider
- Search-AzQuery querying authorizationresources returns 0 records
- How do I change from Bring Your Own Certificate to Azure Managed for an App Service?
- Can't create Azure Storage Account: SubscriptionNotFound
- Unable to create container in a Storage account created with endpoint type as AzureDnsZone
- Azure Traffic Manager Endpoint: The following locations specified in the geoMapping property for endpoint are not supported
- How to list and purge deleted Azure Cognitive Services resources in the current subscription with Azure CLI
- az bicep upgrade command giving me a different error wherever the terminal I execute
- Can I set the redirectUris for publicClient or spa from PowerShell?
- Service Principal az cli login failing - NO subscriptions found
- Is there a way to use New-AzMaintenanceConfiguration to also create a dynamic scope?
- JMESPath with numeric value in Azure
- How do I upload a file to Azurite from terminal?
- create Azure Keyvault secret without exposing values
- I cannot extract .sql CREATE TABLEs for each table in my Azure SQL Database in my Azure Repo
- Renew JSON authentication key of Service Principal
- Space separated values; how to provide a value containing a space
- how to clean specific folder when deploying to that folder with 'az webapp deploy'
- AZ CLI query filter on multiple properties using &&
- Bind managed certificate to Custom Domain for Azure Container App with az CLI fails