Adding an Application Registration / Service Principal to another Application Registration / Service Principal
Typically, when you define App Roles in Azure Active Directory on a single application registration or service principal and then consume that app role yourself as an Application API Permission, the Enterprise Application > Users and Groups blade shows the service principals that were added.
Every now and then a question comes up about assigning service principals (application registrations) to other service principals (application registrations) without creating app roles. Is that possible?
The answer is YES! It is possible.
Here is how:
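One way to make such an assignment, shown as an added example rather than the author's own steps: with the Microsoft Graph PowerShell SDK, the client service principal is assigned to the resource using the default app role ID, which Microsoft Graph accepts when the resource declares no app roles. The two display names are placeholders, and the script assumes the signed-in account may consent to the listed scopes.

```powershell
# Added example: assumes the Microsoft.Graph PowerShell SDK is installed.
# The two display names are placeholders, not values from the post.
$clientName   = 'client-app-placeholder'
$resourceName = 'resource-app-placeholder'
# Default app role ID: "assigned to the app, no specific role".
$defaultRoleId = '00000000-0000-0000-0000-000000000000'

Connect-MgGraph -Scopes 'Application.Read.All', 'AppRoleAssignment.ReadWrite.All'

function Get-SingleServicePrincipal {
    param([Parameter(Mandatory)][string]$DisplayName)
    # Display names are not unique, so refuse to guess between duplicates.
    $found = @(Get-MgServicePrincipal -Filter "displayName eq '$DisplayName'" -All)
    if ($found.Count -ne 1) {
        throw "Expected exactly one service principal named '$DisplayName', found $($found.Count)."
    }
    $found[0]
}

$client   = Get-SingleServicePrincipal -DisplayName $clientName
$resource = Get-SingleServicePrincipal -DisplayName $resourceName

# The default role ID is only accepted when the resource declares no app roles.
if (@($resource.AppRoles).Count -gt 0) {
    throw "'$resourceName' declares app roles; assign one of those instead."
}

# Skip creation if the same principal is already assigned (keeps reruns idempotent).
$assigned = @(Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $resource.Id -All)
$existing = $assigned |
    Where-Object { $_.PrincipalId -eq $client.Id -and $_.AppRoleId -eq $defaultRoleId }

if (-not $existing) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $client.Id `
        -PrincipalId $client.Id -ResourceId $resource.Id -AppRoleId $defaultRoleId | Out-Null
}

# Review everything assigned to the resource; this is the data behind Users and Groups.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $resource.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId, CreatedDateTime
```

The final listing doubles as an audit step: any entry with `PrincipalType` of `ServicePrincipal` that nobody can account for is worth reviewing.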