I have a question on the following topic. I want to add six groups to every newly created enterprise application in Azure. I already have a script which creates the app and everything else I need... I only struggle to add the six groups. Maybe you can help me here?
Greetings Markus
$GroupID = "****************"
$app_name = "****************"
$app_role_name = "Default Access"

# Get the group to assign
$AADGROUP = Get-AzureADGroup -ObjectId $GroupID
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }

# Assign the group to the app role
New-AzureADGroupAppRoleAssignment -ObjectId $AADGROUP.ObjectId -PrincipalId $AADGROUP.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
That is the example, but I do not understand what they mean by the role. https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal
Note that to assign Default Access as the app role, you need to pass the app role ID as
([Guid]::Empty)
To add groups to the Enterprise application with Default Access as the app role, make use of the PowerShell script below:
# Display name of the enterprise application (service principal) and the role to assign
$app_name = "testrukk"
$app_role_name = "Default Access"

# Object IDs of the six groups to assign
$groupIDs = @(
    "GroupID1",
    "GroupID2",
    "GroupID3",
    "GroupID4",
    "GroupID5",
    "GroupID6"
)

# Requires a prior Connect-AzureAD
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
if ($null -eq $sp) { throw "Enterprise application '$app_name' not found." }

# "Default Access" is not listed in $sp.AppRoles; it is addressed by the empty GUID
$appRole = ([Guid]::Empty)

foreach ($groupID in $groupIDs) {
    # SilentlyContinue so an unknown ID yields $null instead of an error record
    $AADGROUP = Get-AzureADGroup -ObjectId $groupID -ErrorAction SilentlyContinue
    if ($null -ne $AADGROUP) {
        New-AzureADGroupAppRoleAssignment -ObjectId $AADGROUP.ObjectId -PrincipalId $AADGROUP.ObjectId -ResourceId $sp.ObjectId -Id $appRole
        Write-Host "Assigned group $($AADGROUP.DisplayName) to application role."
    } else {
        Write-Host "Group with ID $groupID does not exist."
    }
}
The groups were added successfully to the Enterprise application:
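As an added example (not code from the question or the answer above), the same assignment written so it can be rerun safely inside an app-creation script: it resolves the role by name when the application defines app roles and falls back to the empty GUID for Default Access, refuses to proceed when the display-name filter matches more than one service principal (display names are not unique), and skips groups that already hold the assignment instead of creating duplicates. The app name "testrukk" and the group IDs are placeholders taken from the answer; the AzureAD module and a prior Connect-AzureAD are assumed.

```powershell
# Added example, not part of the original thread. Assumes the AzureAD module
# and an existing Connect-AzureAD session. All names and IDs are placeholders.
param(
    [string]   $AppName     = "testrukk",
    [string]   $AppRoleName = "Default Access",
    [string[]] $GroupIds    = @("GroupID1", "GroupID2", "GroupID3",
                                "GroupID4", "GroupID5", "GroupID6")
)

# Display names are not unique; fail rather than assign to the wrong app.
$sp = @(Get-AzureADServicePrincipal -Filter "displayName eq '$AppName'")
if ($sp.Count -eq 0) { throw "Enterprise application '$AppName' not found." }
if ($sp.Count -gt 1) { throw "Several service principals are named '$AppName'; filter by appId instead." }
$sp = $sp[0]

# A group can only be assigned a role that allows the "User" member type.
# If the app defines no matching role, "Default Access" is the empty GUID.
$role = $sp.AppRoles | Where-Object {
    $_.DisplayName -eq $AppRoleName -and $_.AllowedMemberTypes -contains "User"
}
$roleId = if ($null -ne $role) { $role.Id } else { [Guid]::Empty }

# Assignments already present on the resource; reruns must not duplicate them.
$existing = @(Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true)

foreach ($groupId in $GroupIds) {
    $group = Get-AzureADGroup -ObjectId $groupId -ErrorAction SilentlyContinue
    if ($null -eq $group) {
        Write-Warning "Group $groupId does not exist; skipping."
        continue
    }

    $already = $existing | Where-Object {
        $_.PrincipalId -eq $group.ObjectId -and $_.Id -eq $roleId
    }
    if ($already) {
        Write-Host "Group $($group.DisplayName) already assigned; skipping."
        continue
    }

    New-AzureADGroupAppRoleAssignment -ObjectId $group.ObjectId `
        -PrincipalId $group.ObjectId -ResourceId $sp.ObjectId -Id $roleId | Out-Null
    Write-Host "Assigned group $($group.DisplayName) to role $roleId on $($sp.DisplayName)."
}
```

The AzureAD module is deprecated; the same flow in the Microsoft Graph PowerShell SDK uses Get-MgServicePrincipal, Get-MgServicePrincipalAppRoleAssignedTo and New-MgGroupAppRoleAssignment with -GroupId, -PrincipalId, -ResourceId and -AppRoleId, and the empty GUID still denotes Default Access.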