I am trying to build a pipeline to automate my Power App solution deployment from Azure DevOps. As part of the process I would like to run a PowerShell script using the PowerShell Admin Module from the DevOps pipeline which would grant a list of users access to apps in the solution.
I have been able to run the admin PowerShell command for APIs to bypass consent as a Service Principal:
Set-AdminPowerAppApisToBypassConsent -EnvironmentName $EnvironmentId -AppName $AppId
but I am struggling with
Get-UsersOrGroupsFromGraph -SearchString $EmailAddress
and
Set-AdminPowerAppRoleAssignment -PrincipalType "User" -PrincipalObjectId $UserId -RoleName $UserPermission -AppName $AppId -EnvironmentName $EnvironmentId
Is it not possible to run these commands using a Service Principal account or does the Service Principal need specific permission in order to run this? When I run it as a regular user then it does work. Is there an API that can be used instead which would accomplish the same thing using Service Principal?
The Set-AdminPowerAppRoleAssignment has started working for Service Principal since posting this question.
After some discussion with Microsoft they have recommended switching to the official Microsoft Graph PowerShell SDK instead of Get-UsersOrGroupsFromGraph from Power App admin modules.
Here is my updated command:
$user = Get-MgUser -Filter "mail eq '$EmailAddress' or userPrincipalName eq '$EmailAddress' "
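
The whole grant step run as a Service Principal, as an added example that is not part of the original post: it resolves each address with Get-MgUser, escapes the address before it goes into the OData filter, and only assigns a role when exactly one user matches. Assumptions: the environment variable names TENANT_ID, CLIENT_ID and CLIENT_SECRET (mapped from pipeline secret variables), and an app registration that has the Microsoft Graph application permission User.Read.All with admin consent.

```powershell
# Added example, not the poster's script. Assumed environment variables
# (map them explicitly from pipeline secrets): TENANT_ID, CLIENT_ID, CLIENT_SECRET.
param(
    [Parameter(Mandatory)] [string]   $EnvironmentId,
    [Parameter(Mandatory)] [string]   $AppId,
    [Parameter(Mandatory)] [string[]] $EmailAddresses,
    [ValidateSet('CanView', 'CanViewWithShare', 'CanEdit')]
    [string] $UserPermission = 'CanView'
)
$ErrorActionPreference = 'Stop'

# Sign in to Microsoft Graph as the Service Principal (client credentials flow).
$secret = ConvertTo-SecureString $env:CLIENT_SECRET -AsPlainText -Force
$cred   = [pscredential]::new($env:CLIENT_ID, $secret)
Connect-MgGraph -TenantId $env:TENANT_ID -ClientSecretCredential $cred

# Sign in to the Power Apps admin module with the same Service Principal.
Add-PowerAppsAccount -Endpoint prod -TenantID $env:TENANT_ID `
    -ApplicationId $env:CLIENT_ID -ClientSecret $env:CLIENT_SECRET

foreach ($EmailAddress in $EmailAddresses) {
    # OData string literals escape a single quote by doubling it. Without this,
    # an address containing ' breaks the filter or changes what it matches.
    $safe  = $EmailAddress.Replace("'", "''")
    $found = @(Get-MgUser -Filter "mail eq '$safe' or userPrincipalName eq '$safe'" `
                          -Property Id, UserPrincipalName)

    # Grant only on an unambiguous match, so access never goes to the wrong principal.
    if ($found.Count -ne 1) {
        Write-Warning "Skipping '$EmailAddress': expected 1 user, found $($found.Count)."
        continue
    }

    Set-AdminPowerAppRoleAssignment -PrincipalType "User" `
        -PrincipalObjectId $found[0].Id -RoleName $UserPermission `
        -AppName $AppId -EnvironmentName $EnvironmentId
    Write-Host "Granted $UserPermission on $AppId to $($found[0].UserPrincipalName)"
}
```

Keeping the client secret in a secret pipeline variable rather than in the script or repository means it is masked in pipeline logs and can be rotated without a code change.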