Allow granular management access of AAD groups by service principals
We have a scenario where we would like to use automation to manage membership of an AAD group.
We assign group owner permissions to the service principal. However, operations against that group (using Powershell cmdlets like Add-AzureAdGroupMember) fail with a 403 Forbidden.
We cannot grant Directory.ReadWrite permissions to the AAD application, because that would allow write permissions on the entire AAD directory, not just the group that the AAD application owns.
According to Azure support, the scenario where I would like my service principal to manage groups that it owns is not currently possible. Can we make it possible?
Alan Chen
shared this idea
3 comments
-
Anonymous
commented
top5psychics site is one the of the best network in all over the world in which they are providing psychic reading, horoscope, live psychic chat, relationship reading and more our psychic experts will provide u best advice to keep your relationship more strong and more healthy we have top-rated psychic experts having more than 20 year experincce.
Free psychic reading | Psychic reading | Free tarot reading | Top psychic sites | Horoscope reading
-
Jack
commented
With proficient drivers and dependable vehicles, we generally endeavor to convey the best support of our clients. Illustrious Cars gives nearby taxi administrations, significant distance taxis and air terminal exchanges in Tunbridge Wells and its encompassing territories.
-
gmaccountancyuk
commented
Corporation tax return
Bookkeeping Serviceswe are very competitive in pricing. we are a qualified, accountant and bookkeeper