Share via

Grant tenant admin consent to an application by programming/coding

Yan Fang 0 Reputation points Microsoft Employee
2025-04-24T09:22:14.0033333+00:00

Hello, I have many test tenants and my work needs to grant tenant admin consent to an application.

The current solution is manual, here are the current steps I take:
1.Open browser and access this link:
https://login.microsoftonline.com/{$TenantId}/oauth2/authorize?client_id={$AppId}&response_type=code&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient

2.A login window pops up, login with the tenant admin account.

3.A consent window pops up, click "Accept".

203839-new-app.png

My question is how to automate the process using programming approach to skip all interactive actions?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,582 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 118.1K Reputation points MVP Moderator
    2025-04-24T15:48:06.36+00:00

    To add consent programmatically, you can use the appRoleAssignment endpoint (for application permissions): https://learn.microsoft.com/en-us/graph/api/serviceprincipal-post-approleassignments?view=graph-rest-1.0&tabs=http

    Or the oAuth2PermissionGrant endpoint for delegate permissions: https://learn.microsoft.com/en-us/graph/api/oauth2permissiongrant-post?view=graph-rest-beta&tabs=http

    If you prefer to use the Graph SDK for PowerShell, I have a more detailed writeup here: https://www.michev.info/blog/post/6080/how-to-manage-entra-id-delegate-permissions-for-specific-users

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.