Is it feasible to dynamically create an app registration (for external tenants) on a per-tenant basis?

AD Dev 126 Reputation points
2021-09-29T14:11:05.257+00:00

There are APIs to create app registrations and link them to an MPN account to make them verified. I was wondering if it would be generally feasible to create a multi-tenant, verified app registration dynamically to use on a per-tenant basis (which can help with token isolation etc.).

Azure Active Directory

Accepted answer
AmanpreetSingh-MSFT 55,551 Reputation points
2021-10-01T07:45:27.207+00:00

    Hi @AD Dev • Thank you for reaching out.

    You can certainly do that if you have the required set of permissions in all the target tenants where you want to programmatically create application registrations.

    In order to create an App Registration via an API such as the Graph API, you need to have the permissions below in all the tenants where you want to register the applications:

    • If you are using user context (by using the bearer token acquired with user credentials), Application.ReadWrite.All and Directory.AccessAsUser.All permissions are required.
    • If you are using application/servicePrincipal context (by using the bearer token acquired with application credentials using client_credentials flow), Application.ReadWrite.OwnedBy and Application.ReadWrite.All permissions are required.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
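As an added illustration (not part of the question or the accepted answer), the following Python shows the shape of a per-tenant registration call against `POST /applications`: it inspects the bearer token for the permissions the answer lists (delegated scopes arrive in the `scp` claim, app-only permissions in `roles`), names the registration after the target tenant's `tid` so credentials stay isolated per tenant, and refuses to call Graph when none of the listed permissions is present. The `post` callable, the sample tokens and the `contoso-connector` prefix are assumptions constructed for offline use; the tokens are unsigned fakes, not real Azure AD tokens.

```python
import base64
import json

GRAPH_APPLICATIONS_URL = "https://graph.microsoft.com/v1.0/applications"

# Permissions listed in the accepted answer, keyed by the context the token was acquired in.
LISTED_PERMISSIONS = {
    "delegated": {"Application.ReadWrite.All", "Directory.AccessAsUser.All"},
    "application": {"Application.ReadWrite.OwnedBy", "Application.ReadWrite.All"},
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def token_claims(jwt: str) -> dict:
    """Decode the payload segment of a bearer token without verifying its signature.
    Pre-flight inspection of what Graph will see, not a trust decision."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def granted_listed_permissions(claims: dict) -> tuple:
    """Return (context, listed permissions the token actually carries).
    Delegated tokens carry scopes in 'scp' (space separated); app-only tokens carry app roles in 'roles'."""
    if "scp" in claims:
        return "delegated", LISTED_PERMISSIONS["delegated"] & set(claims["scp"].split())
    return "application", LISTED_PERMISSIONS["application"] & set(claims.get("roles", []))

def new_app_body(prefix: str, tenant_id: str, redirect_uris: list) -> dict:
    """Body for POST /applications: one multi-tenant registration per target tenant,
    named after that tenant so each tenant gets its own app id, secrets and tokens."""
    return {"displayName": f"{prefix}-{tenant_id}",
            "signInAudience": "AzureADMultipleOrgs",
            "web": {"redirectUris": redirect_uris}}

def create_application(bearer: str, prefix: str, redirect_uris: list, post):
    """Check the token, then send via the injected post(url, headers, body) callable
    (hypothetical; supply an HTTP client). Raises before any network call if the token
    carries none of the listed permissions for its context."""
    claims = token_claims(bearer)
    context, granted = granted_listed_permissions(claims)
    if not granted:
        raise PermissionError(f"{context} token lacks all of {sorted(LISTED_PERMISSIONS[context])}")
    headers = {"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"}
    return post(GRAPH_APPLICATIONS_URL, headers, new_app_body(prefix, claims["tid"], redirect_uris))

def sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token for offline demonstration only."""
    return ".".join([_b64url(b'{"alg":"RS256","typ":"JWT"}'), _b64url(json.dumps(claims).encode()), ""])

APP_TOKEN = sample_token({"tid": "00000000-0000-0000-0000-00000000aaaa", "roles": ["Application.ReadWrite.OwnedBy"]})
USER_TOKEN = sample_token({"tid": "00000000-0000-0000-0000-00000000bbbb", "scp": "User.Read"})
```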


0 additional answers