![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 99%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
in the meantime i figured out how to do it:
Here is the solution if others require it.
Assign the values to the variables
$username = "Testuser@test .com"
$app_name = "MyTest1"
$app_role_name = "User"
Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId "$username"
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }
Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
Assign Password Based SSO Credentials
$credentials = New-Object -TypeName Microsoft.Open.MSGraph.Model.PasswordSSOCredentials
$credentials.Id = "xx0a75bd-yy60-xx8e-xx61-7fcxxyy70886"
$creds1 = [Microsoft.Open.MSGraph.Model.PasswordSSOCredential]@{FieldId="param_1"; Value="user@test .com"; Type="text"}
$creds2 = [Microsoft.Open.MSGraph.Model.PasswordSSOCredential]@{FieldId="param_2"; Value="BlaBlaPassword"; Type="password"}
$credentials.Credentials = @($creds1, $creds2)
$new_creds_output = New-AzureADMSPasswordSingleSignOnCredential -ObjectId xxb42c1e-bfxx-4bxx-b72a-xx16af9f75ba -PasswordSSOCredential $credentials
KR Harald