How to Get App Role Id

Subramanyam k 251 Reputation points
2020-09-29T06:31:05.91+00:00

Hi,

This is regarding getting app role id.

I am trying to assign users to an application using the Graph API (https://graph.microsoft.com/v1.0/servicePrincipals/<<service_principalid>>/appRoleAssignments).

One of the input parameters to this API is appRoleId.

{
"principalId": "<<servicePrincipalid of user>>",
"principalType": "User",
"appRoleId":"?",
"resourceId":"<<servicePrincipalid of app>>"
}

How do I get the appRoleId? Please suggest.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

  1. soumi-MSFT 11,831 Reputation points Microsoft Employee Moderator
    2020-09-29T07:15:18.64+00:00

    Hi @Subramanyam k, thank you for reaching out. You can fetch the appRoleId by making the following Graph API call:

    https://graph.microsoft.com/v1.0/applications?$select=displayName, appId, appRoles&$filter=startswith(displayName, 'App-Name')  
    

    From the response of this Graph API call, you can fetch the AppRoleID for the desired AppRole. Please refer to the screenshot below for more details:

    29057-approles.png

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.


  2. soumi-MSFT 11,831 Reputation points Microsoft Employee Moderator
    2020-09-29T07:58:27.313+00:00

    @Subramanyam k, from the app manifest I see that your appRoles collection is empty. It means that the application doesn't have any app roles available for assignment to either users or applications. Now, for the screenshot that I sent in my response above, I had created an application manually in the Azure AD portal, then edited the app manifest of that application and populated the appRoles collection with my desired set of AppRoles for users and applications.

    You can refer to the following docs to get help on that:
    https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps

    Once the appRoles are added to the app-manifest's appRoles collection, you can use the following Graph API call to get the appRoleID: https://graph.microsoft.com/v1.0/applications?$select=displayName, appId, appRoles&$filter=startswith(displayName, 'App-Name') or copy the appRoleID from the app-manifest directly and use it in the Graph API call.

    Note: When you create the AppRoles in the appManifest, you would have to populate the id property value with a unique guid. I would suggest using an online guid generator to create a guid for that property.

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
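
The lookup described in the two answers above, as an added example that is not part of the original thread: it picks the appRoleId out of an applications response and builds the assignment body from the question. The response is a constructed sample, the function names are hypothetical, and the empty-appRoles branch relies on the default app role ID that the Graph documentation defines for resources with no declared roles.

```python
import json
import uuid

# Constructed sample of the response to the applications query shown in the
# answers ($select=displayName, appId, appRoles); all ids are made up.
SAMPLE_RESPONSE = json.loads("""
{"value": [{
  "displayName": "App-Name-Demo",
  "appId": "11111111-1111-1111-1111-111111111111",
  "appRoles": [
    {"id": "aaaaaaaa-0000-4000-8000-000000000001", "value": "Reader",
     "displayName": "Reader", "isEnabled": true, "allowedMemberTypes": ["User"]},
    {"id": "aaaaaaaa-0000-4000-8000-000000000002", "value": "Daemon.Write",
     "displayName": "Daemon writer", "isEnabled": true, "allowedMemberTypes": ["Application"]},
    {"id": "aaaaaaaa-0000-4000-8000-000000000003", "value": "Admin",
     "displayName": "Admin", "isEnabled": false, "allowedMemberTypes": ["User"]}
  ]}]}
""")

# Graph's documented default: assignment without any specific app role.
DEFAULT_APP_ROLE_ID = "00000000-0000-0000-0000-000000000000"


def find_app_role_id(response, display_name, role_value, member_type="User"):
    """Return the id of exactly one enabled role assignable to member_type."""
    apps = [a for a in response.get("value", []) if a.get("displayName") == display_name]
    if len(apps) != 1:
        # startswith() can match several apps; never guess which one was meant.
        raise LookupError(f"expected one app named {display_name!r}, got {len(apps)}")
    roles = apps[0].get("appRoles") or []
    if not roles:
        return DEFAULT_APP_ROLE_ID
    matches = [r for r in roles
               if r.get("value") == role_value
               and r.get("isEnabled")
               and member_type in r.get("allowedMemberTypes", [])]
    if len(matches) != 1:
        raise LookupError(f"no unique enabled {member_type} role {role_value!r}")
    return str(uuid.UUID(matches[0]["id"]))  # rejects a malformed id


def build_assignment(principal_id, resource_id, app_role_id):
    """Body for the appRoleAssignments call in the question."""
    # principalType from the question is left out: Graph documents it as read-only.
    return {"principalId": str(uuid.UUID(principal_id)),
            "resourceId": str(uuid.UUID(resource_id)),
            "appRoleId": app_role_id}
```

Matching on the exact display name, the enabled flag and allowedMemberTypes keeps a broad startswith filter from silently assigning a disabled or application-only role to a user.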


  3. Vinicius Pereira Gonçalves 1 Reputation point
    2022-03-30T22:29:28.04+00:00

    I'm using Azure for OAu and after logging in I need to capture the permissions or roles of that user to define what he can't do. Can anyone help me with this?

    Ah... I use Graph MS inside the application too (Larav
