When developing Microsoft cloud solutions, Azure Active Directory is very important, not only for user accounts but also for registering your app. With this app registration you provide secure sign-in and authorization for your services. This first of 2 articles describes how to register your app using PowerShell instead of manually clicking it all together in the Azure Management Portal.
Module AzureAD
Before we can use the required cmdlets, make sure you have the AzureAD module installed. Run Windows PowerShell as an Administrator and execute the cmdlet Install-Module AzureAD
(Note: you may need to add the parameter -Force if you have a previous version installed)
More information about the AzureAD module: https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0
Once the module is installed, connect to your Azure AD using the cmdlet Connect-AzureAD
If your account has access to multiple tenants, then you need to supply the correct tenantId as well.
Connect-AzureAD -TenantId 469e5440-f229-44f8-bed2-c32cdd34d90a
You can find the correct TenantId value in the Azure Portal, under Azure Active Directory and then properties. It’s the Directory ID:
Creating your first Azure AD App Registration
We are using the cmdlet New-AzureADApplication. For this we need the following pieces of information: the name of the application and the IdentifierURI.

$appName = "MyApplication"
$appURI = "https://myapplication.azurewebsites.net"
# Only create the registration if no app with this display name exists yet
if (!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'" -ErrorAction SilentlyContinue)) {
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI
}
Voilà.
But of course, you need more. What about the Homepage (where your users can sign in), Reply URLs and even an Application Key (client secret)? Adding the HomePage URL and Reply URLs is easy:
$appName = "MyApplication"
$appURI = "https://myapplication.azurewebsites.net"
$appHomePageUrl = "https://myapplication.octavie.nl"
# Reply URLs are supplied as an array of strings
$appReplyURLs = @($appURI, $appHomePageUrl, "https://localhost:12345")
if (!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'" -ErrorAction SilentlyContinue)) {
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs
}
As you can see the parameters HomePage and ReplyUrls are available. If you have multiple ReplyUrls, then supply all of them as an array of strings.
Adding the Application Key
To close this first article I’ll finish with adding the Application Key (aka ClientSecret). This key must be stored securely in your own records, because you will need the value later and it cannot be retrieved from the Azure Portal once it has been created.
Edit: There is a new cmdlet New-AzureADApplicationPasswordCredential.
#
# Application Password Credentials (ClientSecret)
#
$yearsOfExpiration = 1   # lifetime of the secret; keep it short and rotate before it expires
$startDate = Get-Date
$endDate = $startDate.AddYears($yearsOfExpiration)
# $myApp is the application object created above; Azure AD generates the secret value
# itself when no -Value is supplied, and returns it only once in $aadAppKeyPwd.Value
$aadAppKeyPwd = New-AzureADApplicationPasswordCredential -ObjectId $myApp.ObjectId -CustomKeyIdentifier "Primary" -StartDate $startDate -EndDate $endDate
The cmdlet New-AzureADApplication takes a parameter called PasswordCredential. We need to provide such an object (outdated version, probably not working anymore).
$Guid = New-Guid
$startDate = Get-Date
$PasswordCredential = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$PasswordCredential.StartDate = $startDate
$PasswordCredential.EndDate = $startDate.AddYears(1)
$PasswordCredential.KeyId = $Guid
# Note: this legacy example derives the secret from the KeyId, which is visible in the
# app manifest; a secret generated by Azure AD (or from a cryptographic RNG) is preferable
$PasswordCredential.Value = ([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($Guid)))) + "="
The value of the PasswordCredential object will be your Key (aka ClientSecret) that needs to be saved in your administration. It’s a Base64 value always ending with a ‘=’ character.
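The steps above combined into one function, as an added example that is not part of the original post or the AzureAD module itself: it registers the app idempotently, prunes expired credentials, lets Azure AD generate a short-lived secret and hands it back as a SecureString so the plain value never ends up in a console transcript or build log. It assumes Connect-AzureAD has already been run; the function name and the sample values are constructed.

```powershell
function New-AppRegistrationWithSecret {
    param(
        [Parameter(Mandatory)] [string] $AppName,
        [Parameter(Mandatory)] [string] $AppUri,
        [string[]] $ReplyUrls = @($AppUri),
        [int] $SecretLifetimeMonths = 6   # keep secrets short-lived; rotate before expiry
    )

    # 1. Create the registration only if it does not exist yet (same pattern as the post).
    $app = Get-AzureADApplication -Filter "DisplayName eq '$AppName'" -ErrorAction SilentlyContinue
    if (-not $app) {
        $app = New-AzureADApplication -DisplayName $AppName -IdentifierUris $AppUri `
                                      -Homepage $AppUri -ReplyUrls $ReplyUrls
    } else {
        # Existing app: enforce the expected reply URLs so stray entries (e.g. localhost) do not linger.
        Set-AzureADApplication -ObjectId $app.ObjectId -ReplyUrls $ReplyUrls
    }

    # 2. Remove credentials that have already expired so the registration does not accumulate dead keys.
    Get-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId |
        Where-Object { $_.EndDate -lt (Get-Date) } |
        ForEach-Object { Remove-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId -KeyId $_.KeyId }

    # 3. Let Azure AD generate the secret (no -Value): it is random and is returned only once.
    $start = Get-Date
    $cred = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId `
                -CustomKeyIdentifier ("rotated-" + $start.ToString('yyyyMMdd')) `
                -StartDate $start -EndDate $start.AddMonths($SecretLifetimeMonths)

    # 4. Return the secret as a SecureString; the caller stores it (e.g. in a vault), never the console.
    [pscustomobject]@{
        AppId        = $app.AppId
        ObjectId     = $app.ObjectId
        KeyId        = $cred.KeyId
        ExpiresOn    = $cred.EndDate
        ClientSecret = ConvertTo-SecureString -String $cred.Value -AsPlainText -Force
    }
}

# Usage with constructed values:
# $reg = New-AppRegistrationWithSecret -AppName 'MyApplication' -AppUri 'https://myapplication.azurewebsites.net'
# $reg | Select-Object AppId, KeyId, ExpiresOn   # shows metadata only, not the secret
```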
You can download the complete script from my Assets page. When you run it, it looks like this:
Summary
In this first of 2 articles I introduced how to create an Azure AD App Registration using PowerShell. This can be quite useful when automating your processes.
In part 2 I will describe how to add the Required Permissions to your Azure AD app. Stay tuned!
I guess New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential does not work anymore for the new Azure AD PowerShell!
Also, is there any way to create an Azure Native App with PowerShell?
Good catch. I’ll update the post with the new cmdlet New-AzureADApplicationPasswordCredential.
Regarding the Azure Native App, I don’t know. Never looked into that one.
Consider using New-AzureADApplicationKeyCredential instead.
Hi Octavie,
I want to automate to create api app and register in AAD with keys and save those keys in Keyvault.
I am able to connect to AAD by providing credentials to Connect-AzureAD. Is it possible to connect to AAD using a service principal like we connect with Login-AzureRmAccount -ServicePrincipal -Credential $secureCredential -TenantId? Because I should not use credentials in the release definition.
Thanks,
Sudheer Yalamarthi
Hi Sudheer,
Does example 3 answer your question?
https://docs.microsoft.com/en-us/powershell/module/azuread/connect-azuread?view=azureadps-2.0
grtz,
Octavie
Thanks for your reply Octavie.
No, it is not. In the 3rd example it is also connecting to AAD using Connect-AzureAD. We don’t want to connect to AAD by using user credentials. Looking for a solution to call the Graph API and do app registration in AAD.
Thanks,
Sudheer Yalamarthi.
Great article