In order to install MSOL, open up PowerShell and type in : In order to add the application role to a service principal we will have to utilize the older MSOL powershell Cmdlets. Please be sure to get the global admin to perform to set the Enterprise Application to have the administrative privilege. ![]() You will need to be a Global Administrator in order to set the roles to the Enterprise Application. In order to add an Application role to a Service Principal, you will need to have the proper permissions to assign roles to objects. You can also utilize AAD powershell V2.0. We will be using Version 1.1.166.0 (PowerShell V1 General Availability) The history for the AAD libraries can be found here: So as of 8-29-2018 they have not been deprecated yet, however please be sure to check the status of MSOL library. ![]() Note: We will be using MSOnline powershell cmdlets, these are a bit outdated. In this post we will go over installing MSOnline (MSOL) PowerShell module, finding the Object ID for your Enterprise Application, and then giving the Enterprise Application an administrative role. ![]() This is convenient when a user wishes to use a service principal in order to reset a password, or to perform some activity that requires admin privileges programmatically without an interactive sign in (using client credentials grant type flow). This post is to help users be able to assign administrative roles to Enterprise Applications/Service Principals so that they can perform duties that would otherwise require a user with elevated permissions to accomplish.
0 Comments
Leave a Reply. |