Is there a way to download a list of users assigned to an Enterprise app in Azure?

Question

They were added manually and I want to add them to a group so I can reuse for similar apps.

Answer 1

Hi @John Hirst

You can use below command to get object id of the service prinicpal:

Get-AzureADServicePrincipal -SearchString display_name_of_the_app

Use below cmdlet to get list of all users assigned to the application:

Get-AzureADServiceAppRoleAssignment -ObjectId object_id_from_above_cmdlet

-----------------------------------------------------------------------------------------------------------

Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

Answer 2

Hi,

Something here might help:
https://stackoverflow.com/questions/39356317/get-azure-active-directory-application-users-and-roles

# Get all service principals, and for each one, get all the app role assignments, 
# resolving the app role ID to it's display name. Output everything to a CSV.
Get-AzureADServicePrincipal | % {

  # Build a hash table of the service principal's app roles. The 0-Guid is
  # used in an app role assignment to indicate that the principal is assigned
  # to the default app role (or rather, no app role).
  $appRoles = @{ "$([Guid]::Empty.ToString())" = "(default)" }
  $_.AppRoles | % { $appRoles[$_.Id] = $_.DisplayName }

  # Get the app role assignments for this app, and add a field for the app role name
  Get-AzureADServiceAppRoleAssignment -ObjectId ($_.ObjectId) | % {
    $_ | Add-Member "AppRoleDisplayName" $appRoles[$_.Id] -Passthru
  }
} | Export-Csv "app_role_assignments.csv" -NoTypeInformation

Best regards,
Leon