What are the type of applications that we can register in Azure AD via PowerShell ?

Question

What are the type of applications that we can register in Azure AD via PowerShell ?

Mano K 21

Hi Team,
Could you please tell me, what are the type of applications that we can register in Azure AD via PowerShell? We are planning to automate the app registrations so I need to know the type of applications that I need to automate.

As of now, we planned to automate below application types.

Gallery Apps or SAAS based apps with SSO enabled
On-Premises app using App proxy
Non-gallery apps - web API

Please correct me and guide me if I am going in the right direction or not.

Appreciate your comments and guidance.

Accepted answer

2 additional answers

Your answer

Answer 1

soumi-MSFT 11,831 Microsoft Employee Moderator

@Mano K , Yes, you can automate the app creation in Azure AD. The simplest way to deploy apps automatically is to use the AppCreation script that you would be able to find with most of our published sample codes for OAuth and OIDC. Now you can pick that code and modify that according to your requirements.

The main idea that you need to keep in mind is, when you need to register an app, it creates two main objects in AAD, i.e Application Object (Found under App Registration blade) and the registered app's Service Principal Object (can be found under Enterprise Registration Blade). Both the entries would have the same name.

Now using the AppCreation script it uses powershell cmdlets to create these two objects and configure them as needed.

The same concept works for both Applications and Web APIs that you plan to protect or register in AAD.

For SAML apps the steps are little different as for SAML apps you have two available option for configuration:

Now both these options are used mostly to add SAML applications to Azure AD, be it an already hosted app like Salesforce, ServiceNow etc, or a custom SAML app developed in-house.

You can also automate the steps of adding a gallery app but to some extent. You can refer to one of my other posts where the customer had similar requirements for SAML apps automation: https://learn.microsoft.com/en-us/answers/questions/22497/create-saml-application-in-azure-ad-via-powershell.html

Now coming to adding SAML, OAUTH or OIDC apps in ADFS, it totally different from doing it in AAD. Though the concept remains the same, but if you would like to d it with Powershell, cmdlets would change completely.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

Mano K 21 Reputation points

2020-08-26T06:51:52.663+00:00

@soumi-MSFT thanks for your explanation it really helps me a lot, I can ask my team to analyze further on the same.
It would be great if you share some AppCreation scripts or some links, references.
soumi-MSFT 11,831 Reputation points Microsoft Employee Moderator

2020-08-26T07:05:27.94+00:00

@Mano K , Sure, you can refer to this link: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC/1-1-MyOrg/AppCreationScripts

This link has the .md file that explains how to use this AppCreation script, what options are available and now to clean this up too if something doesnt work out properly.
Also, this link would help you get your hands on the Configure.ps1 file that is the actual automatic app creation ps script.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.
Mano K 21 Reputation points

2020-08-26T11:29:44.553+00:00

Hi @soumi-MSFT , I just went through the example provided in the document and I have one final question from my side.
I saw the example provided for webApp, for Web API also we used to follow the same process, in some scenarios if we are going to register the "SAML" web application then the process-wise it is the same but differs on by adding the SAML Metadata is that right? above are the 3 ways we used to follow the same process with the same script right? or we have some other apps to follow the same process? because we want to freeze the application types.

For ADFS application we have to use "AppProxy Connector" and the process is different from the above 3 ways, right?

Please correct us if we are wrong.
Mano K 21 Reputation points

2020-08-26T11:32:41.977+00:00

Also, please let us know, is there any possibilities to enable SSO via PowerShell once the app registration has been done.

Appreciate, if you share us the enable SSO scripts/links via Powershell.
soumi-MSFT 11,831 Reputation points Microsoft Employee Moderator

2020-08-26T14:03:26.04+00:00
@Mano K , For a WebAPI to be published in Azure AD, the steps remain the same as Web App, just that an additional step needs to be done, that is getting the API to expose. You can do that by appending the following snippet in your script:

$appName = "SampleAPI1" $app = New-AzureADApplication -DisplayName $appName -ReplyUrls "http://localhost:1234" Set-AzureADApplication -ObjectId $app.ObjectId -IdentifierUris ("api://" + $app.AppId) -Verbose
soumi-MSFT 11,831 Reputation points Microsoft Employee Moderator

2020-08-26T14:12:26.867+00:00

@Mano K , For creating SAML Apps using Powershell you need to follow the script mentioned here: https://learn.microsoft.com/en-us/answers/questions/22497/create-saml-application-in-azure-ad-via-powershell.html

As for SAML apps, things are a little different when you are registering it, as mentioned in my first response to this post. And again, for ADFS, these steps won't work. It's a separate beast that has to be dealt in its own unique way.

This should cover up for all the types of App Registrations in AAD.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

Answer 2

James Hamil 27,221 Microsoft Employee Moderator

Hi, for using App proxy I believe the only thing you can automate is the connector. Here is a good list of samples of things you can automate as well. If you have any questions I can clarify please let me know!

Mano K 21 Reputation points

2020-08-25T04:10:23.237+00:00

@JamesHamil, Thanks for your answer but my team wants more information on the type of applications and enabling the SSO and authentications.

Based on the MS article we came to know that we can create web applications and SAMLapplication and OAuth applications. But my concern is what about the Web API and ADFS application? Are these part of the web/SAML/Oauth applications? please correct us here.

I have searched a lot of article on the internet about the enable SSO using the Powershell command and I didn't find any article about the SSO using PowerShell cmdlets, it would be great if you shared the article or piece of codes that can enable the SSO post the app has been registered.

We are new to this platform, please guide us to achieve our goal.

Our main goal is to Automate the Apps(Web/API/Oauth/Saml/ADFS) registration using Powershell with Enable SSO and setting RBAC roles.

We are stuck at the initial stage of differentiate the apps. Please guide us.

Answer 3

soumi-MSFT 11,831 Microsoft Employee Moderator

@Mano K , Also, I would like to say that I had worked up a similar ask (you can find the thread here) some time back and after a lot of glitches, we were able to prepare a full-fledged Automation script using Powershell for App-Registrations (only for OAuth Apps). That customer wrote a blog, which I would really recommend you take a look at.

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

soumi-MSFT 11,831 Reputation points Microsoft Employee Moderator

2020-08-27T05:40:00.523+00:00

@Mano K , Just wanted to check if the above response helped you or if there are any more queries around this so that we can help you better.
Mano K 21 Reputation points

2020-08-27T09:49:34.463+00:00

@soumi-MSFT , now I have more clarity on this, and thanks for your quick responses. I think i can proceed with what I have now. I will let you know if anything required.

Share via

What are the type of applications that we can register in Azure AD via PowerShell ?

2 additional answers

Your answer