![](/img/trans.png)
[英]How to improve non-tenant UX in an Azure AD enterprise app with automatic SSO sign-in?
[英]Is it possible to automate group assignment to Azure AD Enterprise Applications (specifically AWS SSO)?
您可以使用Microsoft Graph Service Principals API来执行此操作。 每个企业应用程序都是服务主体及其appRoleAssignments 。
要创建绑定到安全组的新分配,您可以使用为服务主体授予 appRoleAssignment,如下所示。
POST https://graph.microsoft.com/v1.0/servicePrincipals/{servicePrincipalId}/appRoleAssignedTo
{
"principalId": "{resource id - Security Group ID in your case}",
"resourceId": "{servicePrincipalId}", // service principal/entreprise app id
"appRoleId": "{The default app role ID (00000000-0000-0000-0000-000000000000) or your app role id}" // See https://learn.microsoft.com/en-us/graph/api/resources/approle?view=graph-rest-1.0
}
如果此选项适合您,那么您可以使用 MS Graph PowerShell SDK 命令New-MgServicePrincipalAppRoleAssignedTo。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.