Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get Azure Active Directory application users and roles

Tags:

azure

azure-active-directory

azure-ad-graph-api

I've setup an application in Azure AD Premium and made user assignment required to access the application. I've added custom app roles to the application manifest. I can assign users with a role to the application.

How can you get a list of all users that are assigned to the application and their assigned role?

like image 821
Jeremy Avatar asked Feb 07 '23 04:02

Jeremy

1 Answers

Azure portal (preview)

In the new Azure portal, under "Enterprise applications" > (your app) > "Users and groups", you'll now see only the list of users who are assigned to the application, as well as the app role they are assigned to. You can also filter and sort by app role. Here's an example:

Azure portal / Enterprise applications / Users and groups

Note: As of September 2016, the Azure AD management experience in the new Azure portal is in preview.

Classic Azure portal

Under and application's "Users and groups" you can list all users (and what their assignment state is), as well as all groups:

[Classic Azure portal / Active Directory / Application / Users and groups]

PowerShell

Using the new preview (as of Sept 2016) Azure AD PowerShell module, you can use the following example: 

# Get all service principals, and for each one, get all the app role assignments, 
# resolving the app role ID to it's display name. Output everything to a CSV.
Get-AzureADServicePrincipal | % {

  # Build a hash table of the service principal's app roles. The 0-Guid is
  # used in an app role assignment to indicate that the principal is assigned
  # to the default app role (or rather, no app role).
  $appRoles = @{ "$([Guid]::Empty.ToString())" = "(default)" }
  $_.AppRoles | % { $appRoles[$_.Id] = $_.DisplayName }

  # Get the app role assignments for this app, and add a field for the app role name
  Get-AzureADServiceAppRoleAssignment -ObjectId ($_.ObjectId) | % {
    $_ | Add-Member "AppRoleDisplayName" $appRoles[$_.Id] -Passthru
  }
} | Export-Csv "app_role_assignments.csv" -NoTypeInformation

Azure AD Graph API

With Azure AD Graph API, you can do the equivalent of what the PowerShell script does, above (in fact, the new Azure AD PowerShell module uses Azure AD Graph API for the majority of the requests).

List all service principals:

GET https://graph.windows.net/{tenant-id}/servicePrincipals

List a service principal's app role assignments:

GET https://graph.windows.net/{tenant-id}/servicePrincipals/{object-id}/appRoleAssignments
like image 170
Philippe Signoret Avatar answered Feb 24 '23 06:02

Philippe Signoret
Sign in to Comment

Related questions

using an Azure Service Bus Queue and BrokeredMessage.ScheduledEnqueueTimeUtc to renew subscriptions
Azure + Swift Push Notifications
Configuring Google Domain to point to Azure website
How to upgrade from V11 to V12 SQL Azure?
What does the 500 telemetry data points per second limit actually mean in Application Insights?
Overide Connection for RedisSessionStateProvider on Azure
Serving static files in ASP.NET 5 MVC 6
Populate Azure Data Factory dataset from query
Publishing web app to Azure Websites Staging deployment slot fails with webjob
Static IP for Cloud Service on Azure [closed]
Creating an Azure Web App with Postgresql database (is that possible?)
Uploading a Bitmap object to Azure blob storage
Forever logs keep growing
Is SQL Reporting Services available with Azure or any other azure newly introduced reporting services? [closed]
How to run django manage.py command on Azure App Service
SAS URLs not working
Sending multiple arguments to triggered Azure webjos
ARM template deployment of Microsoft.Web/sites/hostNameBindings resources using copy
How to change the timezone in Azure SQL Database?
Get files recursively from azure file storage using c#

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!