Is feasable to dynamically create an app registration (for external tenants) on a per tenant basis?

AD Dev 126 Reputation points

There are API's to create app registration, and link them to MPN account to make it verified. I was wondering if it would be generally feasible to create a mult-tenant, verified app registration dynamically to use on a per-tenant basis (which can help with token isolation ect.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,891 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 55,551 Reputation points

    Hi @AD Dev • Thank you for reaching out.

    You can certainly do that if you have required set of permissions in all the target tenants where you want to programmatically create application registration.

    In order to create App Registration via API such as Graph API, you need to have below permissions in all the tenants where you want to register the applications:

    • If you are using user context (by using the bearer token acquired with user credentials), Application.ReadWrite.All and Directory.AccessAsUser.All permissions are required.
    • If you are using application/servicePrincipal context (by using the bearer token acquired with application credentials using client_credentials flow), Application.ReadWrite.OwnedBy and Application.ReadWrite.All permissions are required.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful