Here is the deal... I'm very, very green on Azure AD, with little to no experience. Yet, I've been tasked to set up some Enterprise applications as follows:
- We have a Drupal site that is set to use SSO through Azure AD.
- The SSO has to be set up for the "Production" and "Staging" environments.
- Because of the difference in URLs for each environment (set in the "Set up Single Sign-On with SAML" page), each has its own "Enterprise Application" set in Azure AD.
- The "App roles" (under Active Directory) being provisioned for both environments are identical.
- The "Users and Groups" (under Enterprise Applications) are also identical for both.
- There are over 40 Active Directory groups being used on this site.
- And eventually I will have to repeat the process above for all our other sites (5 so far).

The question is: Can the "App roles" and/or "Users and Groups" be cloned/copied/duplicated from one "Enterprise Application" to another? Or do I have to do the job manually?
CodePudding user response:
To copy the app roles, open the `App Registration` of the source app (`App1`), go to the `Manifest` blade, which is a JSON representation of the various attributes you see in the portal GUI, and copy the values in the `appRoles` key.

Now go to the `Manifest` of your new app(s) (`App2`), and paste the values into the same `appRoles`.

If you go to the `App roles` blade, you'll now see your copied app roles.
Unfortunately you won't be able to copy/paste the users/groups and roles assigned using the portal, but you can do this, and the previous task of copying the app roles, using various PowerShell cmdlets.
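
Added example, not part of the original answer: one way to script both steps, assuming the Microsoft Graph PowerShell SDK (the answer does not name specific cmdlets). The function name `Copy-EnterpriseAppRoles` is hypothetical, and `App1`/`App2` are the placeholder names from the answer.

```powershell
# Added example; assumes the Microsoft Graph PowerShell SDK is installed and
# the session was opened with:
#   Connect-MgGraph -Scopes 'Application.ReadWrite.All','AppRoleAssignment.ReadWrite.All'
function Copy-EnterpriseAppRoles {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SourceName,   # e.g. 'App1'
        [Parameter(Mandatory)][string]$TargetName    # e.g. 'App2'
    )
    # The app registration holds the appRoles definitions (the Manifest blade).
    $srcApp = @(Get-MgApplication -Filter "displayName eq '$SourceName'")
    $dstApp = @(Get-MgApplication -Filter "displayName eq '$TargetName'")
    # Display names are not unique, so refuse to guess between matches.
    if ($srcApp.Count -ne 1 -or $dstApp.Count -ne 1) {
        throw "Expected exactly one app registration for each name."
    }
    # The enterprise application (service principal) holds Users and Groups.
    $srcSp = Get-MgServicePrincipal -Filter "appId eq '$($srcApp[0].AppId)'"
    $dstSp = Get-MgServicePrincipal -Filter "appId eq '$($dstApp[0].AppId)'"

    # 1. Append roles the target lacks, keeping each role's Id so the
    #    assignments in step 2 can reference the same AppRoleId.
    $missing = @($srcApp[0].AppRoles | Where-Object { $_.Id -notin $dstApp[0].AppRoles.Id })
    if ($missing.Count -and $PSCmdlet.ShouldProcess($TargetName, "Add $($missing.Count) app role(s)")) {
        Update-MgApplication -ApplicationId $dstApp[0].Id -AppRoles (@($dstApp[0].AppRoles) + $missing)
    }

    # 2. Recreate each user/group assignment that the target does not have yet.
    $have = @(Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $dstSp.Id -All |
        ForEach-Object { "$($_.PrincipalId)|$($_.AppRoleId)" })
    foreach ($a in Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $srcSp.Id -All) {
        if ("$($a.PrincipalId)|$($a.AppRoleId)" -in $have) { continue }
        $what = "Assign $($a.PrincipalDisplayName) [$($a.PrincipalType)] to role $($a.AppRoleId)"
        if ($PSCmdlet.ShouldProcess($TargetName, $what)) {
            New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $dstSp.Id `
                -PrincipalId $a.PrincipalId -ResourceId $dstSp.Id `
                -AppRoleId $a.AppRoleId | Out-Null
        }
    }
}

# Preview the changes first, then run without -WhatIf to apply them.
Copy-EnterpriseAppRoles -SourceName 'App1' -TargetName 'App2' -WhatIf
```

The `-WhatIf` run lists every principal and role that would be granted on the target, which is the point to confirm that the second environment should carry the same access as the first.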