Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,081 questions
How to create client apps with pre-consented app roles
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 28.000000000000004%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Miklos Szots
0
Reputation points
Hi,
I have a service app to which I want to provision clients on demand.
Some clients are regular, but some have elevated access. We could call these Client and AdminClient.
Now I could model this with either permissions/scopes or app roles but in either cases it seems to be impossible to automatically grant consent to this client apps so that an admin doesn't have to go and do that manually.
My client app creator could of course have the appropriate permission to consent these scopes/roles but that's for the whole tenant, which wouldn't be great from an organisational point of view.
What's the best practice here? Avoid Entra Id for service to service authz use cases , or?
Sign in to answer