Queried the servicePrincipal GraphAPI and got several keyCredentials, went to the app "certificates and secrets" page and the keys are not there

Ity 61 Reputation points
2021-04-07T10:02:10.247+00:00

What is the reason that I see multiple keyCredentials for a given servicePrincipal on the Graph API, but when I go to the associated app page under App registrations and then to "Certificates and secrets", I don't see any keys or certificates?

The app is used for SSO to AWS.

Thanks.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Answer accepted by question author
AmanpreetSingh-MSFT 56,956 Reputation points Moderator
2021-04-08T14:00:21.76+00:00

Hi @Ity · Thank you for reaching out.

The Service Principal object (present under Enterprise Applications) and the Application object (present under App Registrations) for a given app are two different objects with different Object IDs but the same App ID.

In your case, you are querying the Service Principal of your application via the Graph API, which returns the keyCredentials for the certificates configured under the SSO settings of the enterprise application.

On the portal, you are checking the app under App Registrations, where no certificate is configured.

To better understand this, try running the PS cmdlets below, available in the AzureADPreview module:

• Get-AzureADServicePrincipal -ObjectId object_id_of_app_from_enterprise_apps | fl key*
• Get-AzureADApplication -ObjectId object_id_of_app_from_app_registration | fl key*

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
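The same comparison the answer describes, done against the Microsoft Graph v1.0 REST endpoints rather than the AzureAD cmdlets, as an added example that is not part of the original answer. `graph_urls` builds the two real Graph queries that fetch the Application object and the Service Principal object sharing one appId; `audit` then reports where each keyCredential lives and flags expired or soon-expiring keys, which is the check a tenant owner usually wants once they realise SSO signing certificates sit on the service principal and not on the app registration. The two JSON objects, every id, thumbprint and date in them, and the audit rules (30-day warning, thumbprint comparison) are constructed for this example; the Graph URLs and field names are the documented ones.

```python
"""Reconcile keyCredentials across the Application object and the Service
Principal object that share one appId (added example, not from the answer)."""
import base64
import json
from datetime import datetime, timezone

GRAPH = "https://graph.microsoft.com/v1.0"


def graph_urls(app_id):
    """The two Graph v1.0 queries that return the Application and the Service
    Principal for one appId; appId is the join key, the object ids differ."""
    select = "id,appId,displayName,keyCredentials"
    return {
        "application": f"{GRAPH}/applications?$filter=appId eq '{app_id}'&$select={select}",
        "servicePrincipal": (f"{GRAPH}/servicePrincipals?$filter=appId eq '{app_id}'"
                             f"&$select={select},preferredTokenSigningKeyThumbprint"),
    }


def parse_graph_time(value):
    """Parse Graph timestamps like 2024-04-01T00:00:00Z (optionally with a
    7-digit fraction) into an aware UTC datetime."""
    value = value.rstrip("Z")
    if "." in value:
        head, frac = value.split(".", 1)
        value = f"{head}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc)


def thumbprint_hex(custom_key_identifier):
    """Graph serialises customKeyIdentifier as the base64 SHA-1 thumbprint;
    preferredTokenSigningKeyThumbprint is upper-case hex, so normalise to hex."""
    if not custom_key_identifier:
        return None
    return base64.b64decode(custom_key_identifier).hex().upper()


def summarize_keys(obj, now):
    """Flatten an object's keyCredentials into keyId/usage/thumbprint/daysLeft."""
    return [{
        "keyId": k["keyId"],
        "type": k.get("type"),
        "usage": k.get("usage"),
        "thumbprint": thumbprint_hex(k.get("customKeyIdentifier")),
        "daysLeft": (parse_graph_time(k["endDateTime"]) - now).days,
    } for k in obj.get("keyCredentials", [])]


def audit(app_obj, sp_obj, now=None, warn_days=30):
    """Compare the two objects and return a report with findings (assumed
    audit rules for this example: 30-day expiry warning, preferred signing
    thumbprint must match a Sign key on the service principal)."""
    now = now or datetime.now(timezone.utc)
    if app_obj["appId"] != sp_obj["appId"]:
        raise ValueError("objects do not belong to the same appId")
    app_keys, sp_keys = summarize_keys(app_obj, now), summarize_keys(sp_obj, now)
    findings = []
    if sp_keys and not app_keys:
        findings.append("keyCredentials exist only on the service principal "
                        "(SSO signing certificate); the app registration has none")
    preferred = sp_obj.get("preferredTokenSigningKeyThumbprint")
    if preferred and not any(k["usage"] == "Sign" and k["thumbprint"] == preferred
                             for k in sp_keys):
        findings.append("preferredTokenSigningKeyThumbprint matches no Sign key")
    for where, keys in (("application", app_keys), ("servicePrincipal", sp_keys)):
        for k in keys:
            if k["daysLeft"] < 0:
                findings.append(f"{where} key {k['keyId']} expired {-k['daysLeft']} days ago")
            elif k["daysLeft"] <= warn_days:
                findings.append(f"{where} key {k['keyId']} expires in {k['daysLeft']} days")
    return {"appId": app_obj["appId"], "applicationObjectId": app_obj["id"],
            "servicePrincipalObjectId": sp_obj["id"], "applicationKeys": app_keys,
            "servicePrincipalKeys": sp_keys, "findings": findings}


# Constructed sample responses (every value made up); shaped like the objects
# returned by the two queries above for a SAML SSO enterprise app.
SIGN_THUMB = "0123456789ABCDEF0123456789ABCDEF01234567"
_SIGN_B64 = base64.b64encode(bytes.fromhex(SIGN_THUMB)).decode()
APP_OBJECT = {"id": "11111111-1111-1111-1111-111111111111", "appId": "aaaaaaaa-0000-0000-0000-000000000001",
              "displayName": "AWS SSO (sample)", "keyCredentials": []}
SP_OBJECT = {"id": "22222222-2222-2222-2222-222222222222", "appId": "aaaaaaaa-0000-0000-0000-000000000001",
             "displayName": "AWS SSO (sample)", "preferredTokenSigningKeyThumbprint": SIGN_THUMB,
             "keyCredentials": [
                 {"keyId": "k-sign", "type": "AsymmetricX509Cert", "usage": "Sign",
                  "customKeyIdentifier": _SIGN_B64, "endDateTime": "2024-04-01T00:00:00Z"},
                 {"keyId": "k-verify", "type": "AsymmetricX509Cert", "usage": "Verify",
                  "customKeyIdentifier": _SIGN_B64, "endDateTime": "2024-04-01T00:00:00Z"},
                 {"keyId": "k-old", "type": "AsymmetricX509Cert", "usage": "Verify",
                  "customKeyIdentifier": None, "endDateTime": "2021-03-01T00:00:00Z"}]}
SAMPLE_NOW = datetime(2021, 4, 8, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(json.dumps(graph_urls(APP_OBJECT["appId"]), indent=2))
    print(json.dumps(audit(APP_OBJECT, SP_OBJECT, now=SAMPLE_NOW), indent=2))
```

To run it against a real tenant, issue the two `graph_urls` requests with a bearer token holding `Application.Read.All` and pass the first element of each response's `value` array to `audit`; the object ids in the report are the ones the two AzureAD cmdlets in the answer expect.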

