Microsoft Graph - Allow User Access to Application / Service Principal

1
votes

We are in the process of rolling out a major application to members of staff, it has been setup to use Azure AD/SSO and we currently have to manually set each user to have access to the application through Azure AD -> Applications -> Users. We have a small c# web application that we use to manage AD users are looking to use the new Microsoft Graph API to set users to allowed access when they are created but can't find the correct endpoint/api call to use.

We have tried the following but the documentation/errors returned are quite lacking.

https://graph.microsoft.com/beta/servicePrincipals https://graph.microsoft.com/beta/groups/{id}/members

Which endpoint/api call should we use to accomplish this?

1
c#asp.netazuremicrosoft-graph-api

1 Answers

0
votes

It looks like you are looking to try and set appRoleAssignments. This is currently only exposed on the Microsoft Graph /beta version. The /beta documentation needs a little love and attention as you've discovered. However this pretty much should work as it does in AAD Graph (so you could reference the AAD Graph API reference), but with the different root of https://graph.microsoft.com/beta. This blog post also has some examples https://blogs.msdn.microsoft.com/aadgraphteam/2014/12/12/announcing-the-new-version-of-graph-api-api-version1-5/.

Are there any specific challenges that you are facing? What operations and errors are you seeing?

Hope this helps,