Im trying to start working with the v2.0 endpoint, I registered my web app in the new Application registration portal, but I cannot find it anywhere in my Azure AD. Should I not be able to see it there?
I tried creating an app both with my work azure account, and with an account I created specifically in the tenant. Neither works. Am I missing something?a
You could find it Azure Active Directory-->Enterprise applications-->All applications.
But you only could see Azure AD only applications. Currently, Converged applications could not see on Azure Portal, please refer to this feedback.
Update from comment:
The blade enterprise applications represents service principals in the AAD tenant, not applications. Once you sign into the app & consent or manually provision a service principal, you'll see it in this list.
Related
Stuff in Azure are secured with Service Accounts. In order for me to see stuff I need to download the Service Account certificate and then log in via the Azure CLI using the extracted certificate and the Service Account Application Id. So now I can see everything the Service Account can see, great. But it is a pain in the neck and slow. So my question: Can I use the same certificate and credentials to log into the Azure Portal website so I can browse around using the web browser instead?
Using a Service Principal for interactive logins to the Azure Portal is not possible - which is by design. In order to be able to see the same resources as the Service Principal through the Azure Portal, you would require a user account that holds the Azure RBAC Reader role against those resources that are in scope of the Service Principal role assignments.
As you mentioned performance being an issue with using the Service Principal login, you could try Azure Resource Graph queries. These are supported by Azure CLI, Azure PowerShell as well as all the major Azure SDK's. Obviously, this won't bring you the visual experience like the Azure Portal but might resolve the performance piece maybe.
However, requesting/creating a user account that has the corresponding RBAC roles assigned would be the only way to allow you to see the resources through the Azure Portal.
Can someone describe to me the differences in registering Enterprise Applications via
Application Registration Portal (https://apps.dev.microsoft.com)
Azure Portal (https://portal.azure.com, Home -> Azure Active Directory -> Enterprise Applications)
Azure AAD Portal (https://aad.portal.azure.com)
Perhaps there are even others that you may know of.
The application registered in the Application Registration Portal is the v2.0 application, which supports both Azure AD & Microsoft Accounts. Works with MSAL & most 3rd party oAuth/OIDC libraries. Can call the Microsoft Graph, and your own web API with ID tokens. If you register an application using personal Microsoft account, the application won't be visible in Azure Active Directory. For more details, you can refer to here.
While the application registered in the Azure Portal is the v1.0 application, which only supports sign in with Azure AD accounts. Can call the Microsoft Graph, other Microsoft resources, your own web API. For more details, take a look at the doc.
There's a doc describe the difference between the two endpoints.
As far as I know, the application registration is almost the same in the Azure Portal and Azure AAD Portal.
I understand the concept of AzureAD App Registrations and I'm using it in several projects. Now I need to generate a Web App that should be deployable as a component in any AAD. This Web App should use Azure APIs to discover components in the subscription it is deployed to which I don't know at develop time.
What is the preferred way to accomplish the app registration fully automated at deploy time? I need to register an app in AAD and then to store the informations (App Id, Tenant ID, ...) in my web.config somehow.
The problem is that you can't develop an app that has access to the Azure AD without it being registered first.
The Azure Portal and Powershell have access. Maybe you can use Powershell to script the permission grant in your scenario?
Otherwise, (I did this a while back for a solution) you can create a multi-tenant web app, that your customers' Azure AD tenant administrators can sign in to. With the tenant administrators granting access, the web app can then access their Azure AD graph API and create the required application definition for your application.
In my scenario the Azure AD client application ran on-premise. It required access to the Azure AD graph API and also needed certificate based authentication towards the Outlook 365 Exchange Web Service. So the web app could create the certificate, grant access to the required APIs, and let the user download the certificate, application ID etc. The on-prem app could then use the downloaded file as its configuration for accessing the Azure AD and other APIs.
I want to access Azure Directories and Subscriptions using my web app hosted on my server but i do not want to register my app in active directory because
i do not have permissions to register my app in active directory
I want to authenticate users from out of my active directory too.
for example following sites let you authenticate any Azure AD user.
https://resources.azure.com/
https://azureiotsuite.com
Please help me to where to start. i have tried Azure AD authentication but it asks you to register your app in Azure AD Apps.
One option is to register your app at https://apps.dev.microsoft.com. (And use the v2 endpoints)
Documentation here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-appmodel-v2-overview
What you want to make is known as a multi-tenant application. An application to which you can login from any Azure AD tenant.
The first link leads you to create a converged app which allows you to use Microsoft accounts as well as Azure AD accounts to sign in.
If you only want Azure AD accounts, you could just create an Azure AD and register the app there as a multi-tenant app. (And use the v1 endpoints)
I tried to grant delegated permissions to webApi using azure.portal.com.
Two web App/API application was register on azure AD. When i try to use 'Settings->RequiredPermissions->Add->Select an API' i not see my created application in list.
Same problem for old azure portal described on Granting native application access to web application
But new portal not fixed with previous solution.
Could anyone help, please ?
The Azure AD app registration blades in portal.azure.com are currently not creating a servicePrincipal in the tenant when you register your application. This means that the API you create will not show up in the list of apps to select from. More detail in this blog post