1
votes

I have created a new Azure AAD Application with multi-tenant enabled. But I couldn't find the app in another tenant ID. When I try to create a Service Principal of the above App ID in another tenant, it fails with the error "New-AzureRmADServicePrincipal : When using this permission, the backing application of the service principal being created must in the local tenant". Has anyone experienced such an issue?

# Validity window for the service principal credential
$StartDate = [DateTime]::UtcNow
$EndDate = [DateTime]::UtcNow.AddYears(3)
# Credential value redacted by the asker
$secureString = ConvertTo-SecureString "XXXXXXXXX" -AsPlainText -Force
# Application (client) ID of the multi-tenant app registered in the home tenant
New-AzureRmADServicePrincipal -ApplicationId "XXXXXXXXXX" -Password $secureString -StartDate $StartDate -EndDate $EndDate
2
Hmm, I've actually never tried this. I feel that this might require a user from that tenant to consent to the permissions interactively. - juunas
Hi, do you have a chance to look into my answer? Is it helpful? - Allen Wu

2 Answers

0
votes

I couldn't reproduce this error. New-AzureRmADServicePrincipal -ApplicationId "XXXXXXXXXX" works fine for me to create the enterprise app in another tenant.

If you want to add the multi-tenant app into another tenant, there is another way. You can have a try with the admin consent.

I assume that your app is registered in tenant_x and you want to add it to tenant_y.

You can redirect the user to the Microsoft identity platform admin consent endpoint.

GET https://login.microsoftonline.com/{tenant_y}/v2.0/adminconsent?
  client_id={client id}
  &state=12345
  &redirect_uri={redirect_uri}
  &scope=
    https://graph.microsoft.com/calendars.read
    https://graph.microsoft.com/mail.send

Access it in a browser and log in with an admin account of tenant_y to do the admin consent. After that the app will be added to tenant_y.

0
votes

I fixed my question using the following PS commands:

# Sign in to the target tenant (the tenant the multi-tenant app should be added to)
Connect-AzureAD -TenantId '<TargetTenant>'

# Create the service principal for the foreign app by its application (client) ID
New-AzureADServicePrincipal -AppId 'ThirdPartyAppID'
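An added example, not code from the question or either answer, that puts both approaches side by side: it builds the admin consent URL from Allen Wu's answer with proper encoding, then performs the AzureAD-module creation from the asker's fix in a rerunnable way and lists what the resulting principal has been granted in the target tenant. The tenant id, app id, redirect URI and scopes are placeholders; the AzureAD module cmdlets and the AppOwnerTenantId property are used as they exist in that module, and the module is assumed to be installed.

```powershell
# Added example (not code from the question or the answers). Placeholders below must be
# replaced with real values; the AzureAD PowerShell module is assumed to be installed.
$TargetTenantId = '<tenant_y id>'           # tenant the multi-tenant app is added to
$AppId          = '<client id of the app>'  # application (client) id registered in tenant_x

# Build the v2.0 admin consent URL from the first answer, URL-encoding each value.
# Scopes are space-separated inside a single 'scope' parameter.
function New-AdminConsentUrl {
    param([string]$TenantId, [string]$ClientId, [string]$RedirectUri, [string[]]$Scopes, [string]$State = '12345')
    $query = @(
        "client_id=$ClientId"
        "state=$State"
        "redirect_uri=$([uri]::EscapeDataString($RedirectUri))"
        "scope=$([uri]::EscapeDataString(($Scopes -join ' ')))"
    ) -join '&'
    return "https://login.microsoftonline.com/$TenantId/v2.0/adminconsent?$query"
}

# Placeholder redirect URI; it must match one registered on the app.
New-AdminConsentUrl -TenantId $TargetTenantId -ClientId $AppId `
    -RedirectUri 'https://localhost/consent-callback' `
    -Scopes 'https://graph.microsoft.com/calendars.read', 'https://graph.microsoft.com/mail.send'

# The asker's own fix: create the service principal directly while signed in to the
# target tenant as one of its admins. Look first so a rerun does not fail on a duplicate.
Connect-AzureAD -TenantId $TargetTenantId | Out-Null
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) {
    $sp = New-AzureADServicePrincipal -AppId $AppId
    Write-Host "Created service principal $($sp.ObjectId) for app $AppId"
} else {
    Write-Host "Service principal already present: $($sp.ObjectId)"
}

# Sanity check: for a multi-tenant app registered in tenant_x, the backing application
# is owned by tenant_x, so AppOwnerTenantId should not equal the tenant we connected to.
if ($sp.AppOwnerTenantId -eq $TargetTenantId) {
    Write-Warning "Backing application is owned by this tenant; not a foreign multi-tenant app."
} else {
    Write-Host "Backing application is owned by tenant $($sp.AppOwnerTenantId)"
}

# Review the delegated permissions that have been consented for this principal in tenant_y.
Get-AzureADServicePrincipalOAuth2PermissionGrant -ObjectId $sp.ObjectId |
    Select-Object ConsentType, PrincipalId, ResourceId, Scope |
    Format-Table -AutoSize
```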