Creating Azure AD App Registration with PowerShell – Part 1

When developing Microsoft cloud solutions, Azure Active Directory is very important. Not only for user accounts, but also for registering your app. With this app you provide secure sign in and authorization for its services. This first of 2 articles describes how to register your app using PowerShell instead of manually clicking it all together in the Azure Management Portal.

image

Module AzureAD

Before we can use the required cmdlets assure you have the AzureAD module installed. Run Windows PowerShell as an Administrator and execute the cmdlet Install-Module AzureAD

image

(Note: you may need to add the parameter –Force if you have a previous version installed)

More information about the AzureAD module: https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0

Once the module is installed, connect to your Azure AD using the cmdlet Connect-AzureAD

image

If your account has access to multiple tenants, then you need to supply the correct tenantId as well.

Connect-AzureAD -TenantId 469e5440-f229-44f8-bed2-c32cdd34d90a

You can find the correct TenantId value in the Azure Portal, under Azure Active Directory and then properties. It’s the Directory ID:

image

 

Creating your first Azure AD App Registration

We are using the cmdlet New-AzureADApplication. For this we need to following pieces of information: the name of the application and the IdentifierURI.

$appName = "MyApplication"
$appURI = "https://myapplication.azurewebsites.net"
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'"  -ErrorAction SilentlyContinue))
{
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI
}

Voilà.

But of course, you need more. What about the Homepage (where your users can sign in), Reply URLs and even an Application Key (client secret)? Adding the HomePage URL and Reply URLs is easy:

$appName = "MyApplication"
$appURI = "https://myapplication.azurewebsites.net"
$appHomePageUrl = "https://myapplication.octavie.nl"
$appReplyURLs = @($appURI, $appHomePageURL, "https://localhost:12345")
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'"  -ErrorAction SilentlyContinue))
{
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs    
}

As you can see the parameters HomePage and ReplyUrls are available. If you have multiple ReplyUrls, then supply all of them as an array of strings.

Adding the Application Key

To close this first article I’ll finish with adding the Application Key (aka ClientSecret). This key must be stored in your administration because you will need the value later for some purpose. It cannot be retrieved any more from the Azure Portal.

Edit: There is a new cmdlet New-AzureADApplicationPasswordCredential.

#
# Application Password Credentials (ClientSecret)
#
$startDate = Get-Date
$endDate = $startDate.AddYears($script:yearsOfExpiration)
$aadAppKeyPwd = New-AzureADApplicationPasswordCredential -ObjectId $AADApplication.ObjectId -CustomKeyIdentifier "Primary" -StartDate $startDate -EndDate $endDate

The cmdlet New-AzureADApplication takes a parameter called PasswordCredential. We need to provide such an object (outdated version, probably not working anymore).

$Guid = New-Guid
$startDate = Get-Date
    
$PasswordCredential = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$PasswordCredential.StartDate = $startDate
$PasswordCredential.EndDate = $startDate.AddYears(1)
$PasswordCredential.KeyId = $Guid
$PasswordCredential.Value = ([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($Guid))))+"="

The value of the PasswordCredential object will be your Key (aka ClientSecret) that needs to be saved in your administration. It’s a Base64 value always ending with a ‘=’ character.

image

You can download the complete script from my Assets page. When you run it, it looks like this:

image

Summary

In this first of 2 articles I introduced how to create an Azure AD App Registration using PowerShell. This can be quite useful when automating your processes.

In part 2 I will describe how to add the Required Permissions to your Azure AD app. Stay tuned!

Share