
When developing Microsoft cloud solutions, Azure Active Directory is very important: not only for user accounts, but also for registering your app, through which you provide secure sign-in and authorization for its services. This first of two articles describes how to register your app using PowerShell instead of clicking it all together manually in the Azure Management Portal.


Module AzureAD

Before we can use the required cmdlets, make sure you have the AzureAD module installed. Run Windows PowerShell as an Administrator and execute the cmdlet Install-Module AzureAD.


(Note: you may need to add the parameter -Force if a previous version is already installed.)

More information about the AzureAD module: https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0

Once the module is installed, connect to your Azure AD using the cmdlet Connect-AzureAD


If your account has access to multiple tenants, you also need to supply the correct TenantId.

Connect-AzureAD -TenantId 469e5440-f229-44f8-bed2-c32cdd34d90a

You can find the correct TenantId value in the Azure Portal, under Azure Active Directory and then Properties; it is shown there as the Directory ID:

[Screenshot: Directory ID in the Azure Portal]

Creating your first Azure AD App Registration

We are using the cmdlet New-AzureADApplication. For this we need the following pieces of information: the name of the application and the IdentifierURI.

$appName = "MyApplication"
$appURI = "https://myapplication.azurewebsites.net"
# Only create the registration if no app with this display name exists yet
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'" -ErrorAction SilentlyContinue))
{
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI
}

Voilà.

But of course, you need more. What about the Homepage (where your users can sign in), Reply URLs and even an Application Key (client secret)? Adding the HomePage URL and Reply URLs is easy:

$appName = "MyApplication"
$appURI = "https://myapplication.azurewebsites.net"
$appHomePageUrl = "https://myapplication.octavie.nl"
# All URLs the app may redirect to after sign-in, as an array of strings
$appReplyURLs = @($appURI, $appHomePageUrl, "https://localhost:12345")
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'" -ErrorAction SilentlyContinue))
{
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs
}

As you can see, the parameters Homepage and ReplyUrls are available. If you have multiple Reply URLs, supply all of them as an array of strings.

Adding the Application Key

To close this first article I’ll finish with adding the Application Key (aka ClientSecret). Record this key in your administration, because you will need its value later and it cannot be retrieved from the Azure Portal afterwards.

The cmdlet New-AzureADApplication takes a parameter called PasswordCredential. We need to provide such an object.

# A GUID serves as the key identifier; the current time is the start of its validity
$Guid = New-Guid
$startDate = Get-Date

# Build the credential object, valid for one year from now
$PasswordCredential = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$PasswordCredential.StartDate = $startDate
$PasswordCredential.EndDate = $startDate.AddYears(1)
$PasswordCredential.KeyId = $Guid
# The secret itself: the GUID as a Base64 string, with a trailing '=' appended
$PasswordCredential.Value = ([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($Guid))))+"="

The Value of the PasswordCredential object is your Key (aka ClientSecret), which needs to be saved in your administration. It’s a Base64 value that always ends with a ‘=’ character.
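Putting the three steps together, here is an added example (my own code, not the post's downloadable script) that creates or reuses the registration with homepage, reply URLs and a one-year client secret in a single idempotent run. It assumes Connect-AzureAD has already succeeded, passes the credential through the -PasswordCredentials parameter of New-AzureADApplication, falls back to New-AzureADApplicationPasswordCredential when the app already exists, and draws the secret from a cryptographic RNG instead of a Base64-encoded GUID; the URLs are constructed sample values.

```powershell
# Added example: idempotent app registration with a client secret.
# Assumes Connect-AzureAD has already been run; names and URLs are constructed sample values.
$appName        = "MyApplication"
$appURI         = "https://myapplication.azurewebsites.net"
$appHomePageUrl = "https://myapplication.octavie.nl"
$appReplyURLs   = @($appURI, $appHomePageUrl, "https://localhost:12345")

# Secret material: 32 bytes from a cryptographic RNG, Base64-encoded.
# This is a choice made for this example, not what the post's script does.
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$bytes = New-Object byte[] 32
$rng.GetBytes($bytes)
$rng.Dispose()
$secretValue = [System.Convert]::ToBase64String($bytes)

# Credential object valid for one year from now
$startDate = Get-Date
$cred = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$cred.StartDate = $startDate
$cred.EndDate   = $startDate.AddYears(1)
$cred.KeyId     = New-Guid
$cred.Value     = $secretValue

$myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'" -ErrorAction SilentlyContinue
if (-not $myApp) {
    # New-AzureADApplication accepts a list of credentials via -PasswordCredentials
    $myApp = New-AzureADApplication -DisplayName $appName `
        -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs `
        -PasswordCredentials @($cred)
} else {
    # App already exists: attach the new key without touching the rest of the registration
    New-AzureADApplicationPasswordCredential -ObjectId $myApp.ObjectId `
        -StartDate $cred.StartDate -EndDate $cred.EndDate -Value $cred.Value | Out-Null
}

# Emit the secret exactly once so it can be recorded; it cannot be read back from the portal
[pscustomobject]@{
    AppId        = $myApp.AppId
    ObjectId     = $myApp.ObjectId
    SecretExpiry = $cred.EndDate
    ClientSecret = $secretValue
}
```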

[Screenshot: the Application Key in the Azure Portal]

You can download the complete script from my Assets page. When you run it, it looks like this:

[Screenshot: executing the script]

Summary

In this first of two articles I introduced how to create an Azure AD App Registration using PowerShell. This can be quite useful when automating your processes.

In part 2 I will describe how to add the Required Permissions to your Azure AD app. Stay tuned!
