I have a resource in Azure subscription #1 and I want to grant permissions to an Azure AD application from subscription #2. Both subscriptions have separate AAD tenants.
I've created an application in subscription #2, marked it as multi-tenant and added certificate credentials to it. There are a few instructions on how to create multi-tenant apps that can log in users from multiple tenants. But I don't need any of these logins and don't want to host any API for it. All I need is for users in other subscriptions to be able to grant my app permissions to the resources.
I can't figure out how I can link (give consent) to the app from another subscription/AAD tenant. My understanding is that there should be a way for me to reference the AppId of the app in subscription #2 and create a new service principal for it under subscription #1.
I've tried in subscription #1: New-AzureADServicePrincipal -AppId <AppIdFromSubscription2>
It fails with "Code: Request_ResourceNotFound, Message: Resource 'ServicePrincipal_888ad8a8-8888-4652-8b8b-c141fa1e7191' does not exist or one of its queried "