Automating Role Assignments for Multi-Tenant Applications Using Graph API

Question

Automating Role Assignments for Multi-Tenant Applications Using Graph API

MP732 40

Is there a way to automate assigning the User Administrator role to our multi-tenant application across tenant accounts using Graph API? Currently, this process is done manually, but I'm looking for an API call that could possibly take the tenant ID for the desired tenant, application ID for the application and the role template ID for the desired role. I've searched for information but haven't found much on this.

Givary-MSFT 35,761 Reputation points Microsoft Employee Moderator

2024-11-05T08:19:36.7533333+00:00

@MP732 Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

1 answer

Your answer

Givary-MSFT 35,761 Reputation points Microsoft Employee Moderator

2024-11-05T08:19:36.7533333+00:00

@MP732 Just checking in to see if below information was helpful. If you have any further updates on this issue, please feel free to post back.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

Answer 1

Vasil Michev 123.8K MVP Volunteer Moderator

Assigning directory roles via the Graph API is possible, including to service principals. However the permissions required for that effectively give your app "the keys to the kingdom", so I doubt many organizations will be fine with granting them.

Here's the corresponding endpoint: https://learn.microsoft.com/en-us/graph/api/directoryrole-post-members?view=graph-rest-1.0&tabs=http

Share via

Automating Role Assignments for Multi-Tenant Applications Using Graph API

1 answer

Your answer