You can use the Graph APIs listed under Manage Enterprise Applications with Microsoft Graph PowerShell to achieve the task you are attempting. Try them and let me know if they are sufficient. See the example below.
To set an attribute in "Single sign on" > "Attributes & Claims" using Microsoft Graph PowerShell, you can use the following example (not tried yet):
```powershell
# Define variables
$clientId = "<enter your client ID here>"
$clientSecret = "<enter your client secret here>"
$tenantId = "<enter your tenant ID here>"
$applicationId = "<enter your application ID here>"
$attributeName = "<enter the name of the attribute here>"
$attributeValue = "<enter the value of the attribute here>"

# Connect to Graph API
# Connect-MgGraph takes the app secret as a PSCredential (user name = client ID, password = secret)
$secureSecret = ConvertTo-SecureString $clientSecret -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($clientId, $secureSecret)
Connect-MgGraph -TenantId $tenantId -ClientSecretCredential $credential

# Get the Enterprise Application
$application = Get-MgServicePrincipal -Filter "appId eq '$applicationId'"

# Get the SAML token configuration
$samlTokenConfiguration = Get-MgServicePrincipalSingleSignOnConfig -ServicePrincipalId $application.Id -AuthenticationProtocolType saml

# Set the attribute value
$samlTokenConfiguration.ClaimsMappingSettings.Attributes.Add($attributeName, $attributeValue)

# Update the SAML token configuration
Update-MgServicePrincipalSingleSignOnConfig -ServicePrincipalId $application.Id -AuthenticationProtocolType saml -ClaimsMappingSettings $samlTokenConfiguration.ClaimsMappingSettings
```
This example connects to the Graph API using the Connect-MgGraph cmdlet, gets the Enterprise Application using the Get-MgServicePrincipal cmdlet, gets the SAML token configuration using the Get-MgServicePrincipalSingleSignOnConfig cmdlet, sets the attribute value using the Add method of the Attributes property of the ClaimsMappingSettings property, and updates the SAML token configuration using the Update-MgServicePrincipalSingleSignOnConfig cmdlet.
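
The following is an added example, not part of the original answer: it sets a SAML claim through a different technique, a claims mapping policy created with `New-MgPolicyClaimMappingPolicy` and assigned to the service principal, and signs in with delegated, narrowly scoped permissions so that no client secret sits in the script. The placeholder IDs, the policy display name and the `employeeid` claim are assumptions chosen for illustration.

```powershell
# Added example. All values below are placeholders or constructed samples.
$tenantId      = "<enter your tenant ID here>"
$applicationId = "<enter your application ID here>"
$claimType     = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/employeeid"

# Interactive delegated sign-in, requesting only the scopes this task needs
Connect-MgGraph -TenantId $tenantId -Scopes @(
    "Policy.ReadWrite.ApplicationConfiguration",
    "Application.ReadWrite.All"
)

# Resolve the enterprise application (service principal) and fail loudly if it is missing
$sp = Get-MgServicePrincipal -Filter "appId eq '$applicationId'"
if (-not $sp) { throw "No service principal found for appId $applicationId" }

# Do not silently stack a second policy on an app that already has one assigned
$existing = Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $sp.Id
if ($existing) {
    throw "Service principal already has claims mapping policy '$($existing.DisplayName)'; review it first."
}

# Policy definition: emit the user's employeeid as a SAML attribute
$definition = @{
    ClaimsMappingPolicy = @{
        Version              = 1
        IncludeBasicClaimSet = "true"
        ClaimsSchema         = @(
            @{ Source = "user"; ID = "employeeid"; SamlClaimType = $claimType }
        )
    }
} | ConvertTo-Json -Depth 5 -Compress

# Create the policy (hypothetical display name)
$policy = New-MgPolicyClaimMappingPolicy -DisplayName "Example SAML claims policy" -Definition @($definition)

# Assign the policy to the service principal by reference
New-MgServicePrincipalClaimMappingPolicyByRef -ServicePrincipalId $sp.Id -BodyParameter @{
    "@odata.id" = "https://graph.microsoft.com/v1.0/policies/claimsMappingPolicies/$($policy.Id)"
}

# Read the assignment back so the change can be reviewed and logged
Get-MgServicePrincipalClaimMappingPolicy -ServicePrincipalId $sp.Id |
    Select-Object Id, DisplayName, Definition

Disconnect-MgGraph
```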