0
votes

I have Azure AD with 3 groups.

I execute API calls to retrieve them:

  1. Login : https://login.microsoftonline.com/${tenantID}/oauth2/token
  2. Get groups : https://graph.microsoft.com/v1.0/groups
  3. Get users : https://graph.microsoft.com/v1.0/groups/${groupID}/members

That's OK, I receive the 3 groups and the users inside. But for now I need only the groups that are assigned to applications, like this

I can't find any method in the Graph API to filter them. If somebody knows how to do it, please help.

1
Resolved the problem using graph.microsoft.com/beta/servicePrincipals/${applicationId}/appRoleAssignments - Pavlo Kostohrys
If it is resolved, you could add it as an answer to help other community members find it easily. - Tom Sun - MSFT

1 Answer

1
votes

I resolved this problem in the following way:

  1. Get all groups as before
  2. Get the groups and users assigned to the application: graph.microsoft.com/beta/servicePrincipals/${applicationId}/appRoleAssignments

Response :

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments",
    "value": [
        {
            "id": "tV-E7eUeFkmIemkoWcUgTkrT54btaddPtiLX96wVx0g",
            "creationTimestamp": "2018-07-06T10:43:32.548348Z",
            "principalDisplayName": "Pasha Kostohrys",
            "principalId": "${userID}",
            "principalType": "User",
            "resourceDisplayName": "azure-group-sync",
            "resourceId": "${applicationId}"
        },
        {
            "id": "ZRCxfjNVlUqrjp9Y3wuLJz6beU58dtNOvr41VsKwADo",
            "creationTimestamp": null,
            "principalDisplayName": "ops",
            "principalId": "${groupID}",
            "principalType": "Group",
            "resourceDisplayName": "azure-group-sync",
            "resourceId": "${applicationId}"
        }
    ]
}

  3. Just filter out the groups that are not in the assignments list
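
The three steps of the answer above, as an added example that is not part of the original answer: it keeps only `principalType: "Group"` assignments and, going slightly beyond the answer, follows `@odata.nextLink` so that assignments on later pages are not silently dropped. `collectAll`, `assignedGroups` and `fetchPage` are hypothetical names, and the ids and responses are constructed sample data.

```javascript
// Added example. collectAll, assignedGroups and fetchPage are hypothetical names;
// the ids and pages below are constructed sample data, not real tenant values.

// Follow @odata.nextLink until the collection is exhausted. fetchPage(url) is
// supplied by the caller and resolves to the parsed JSON body of one page.
async function collectAll(firstUrl, fetchPage) {
  const items = [];
  const seen = new Set();
  for (let url = firstUrl; url; ) {
    if (seen.has(url)) throw new Error(`paging loop at ${url}`);
    seen.add(url);
    const page = await fetchPage(url);
    if (!page || !Array.isArray(page.value)) throw new Error(`unexpected body from ${url}`);
    items.push(...page.value);
    url = page['@odata.nextLink'];
  }
  return items;
}

// Keep the directory groups that have a Group-type assignment to the application.
// User assignments are skipped; GUIDs are compared case-insensitively.
function assignedGroups(groups, assignments) {
  const ids = new Set(
    assignments
      .filter((a) => a.principalType === 'Group' && typeof a.principalId === 'string')
      .map((a) => a.principalId.toLowerCase())
  );
  return groups.filter((g) => typeof g.id === 'string' && ids.has(g.id.toLowerCase()));
}

// Constructed responses, keyed by URL, standing in for the two Graph calls.
const SAMPLE = {
  'groups': { value: [
    { id: '11111111-0000-0000-0000-000000000001', displayName: 'ops' },
    { id: '11111111-0000-0000-0000-000000000002', displayName: 'dev' },
    { id: '11111111-0000-0000-0000-00000000000a', displayName: 'hr' } ] },
  'assignments': { '@odata.nextLink': 'assignments?page=2', value: [
    { principalType: 'User', principalId: '22222222-0000-0000-0000-000000000009' },
    { principalType: 'Group', principalId: '11111111-0000-0000-0000-000000000001' } ] },
  'assignments?page=2': { value: [
    { principalType: 'Group', principalId: '11111111-0000-0000-0000-00000000000A' } ] },
};

// Runs the whole procedure against the constructed data and returns group names.
async function demo() {
  const fetchPage = async (url) => SAMPLE[url];
  const groups = await collectAll('groups', fetchPage);
  const assignments = await collectAll('assignments', fetchPage);
  return assignedGroups(groups, assignments).map((g) => g.displayName);
}
```

In real use, `fetchPage` would issue the authenticated GET against the Graph URLs from the question and return the parsed JSON.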