
Register Azure AD User with Applications


Enroll a user in specific Azure AD-integrated applications to provide necessary access rights and manage application-specific identities.

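import os

import requests
from azure.identity import ClientSecretCredential

# Microsoft Graph endpoint and scope used by every call below.
GRAPH_BASE = "https://graph.microsoft.com/v1.0"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"
# Seconds to wait on a single Graph call; without a timeout a stalled
# connection blocks the task indefinitely.
REQUEST_TIMEOUT = 30

# Set up Azure AD credentials.  The values are read from the environment
# variables that azure-identity itself honours (AZURE_TENANT_ID,
# AZURE_CLIENT_ID, AZURE_CLIENT_SECRET); the literal fallbacks are
# placeholders to replace, not a place to keep a real client secret.
tenant_id = os.environ.get("AZURE_TENANT_ID", "your-tenant-id")  # Replace with your Azure AD tenant ID
client_id = os.environ.get("AZURE_CLIENT_ID", "your-client-id")  # Replace with your Azure AD client ID
client_secret = os.environ.get("AZURE_CLIENT_SECRET", "your-client-secret")  # Replace with your Azure AD client secret

# Initialize the Azure credentials.  The app registration behind these
# credentials needs Graph permission to read service principals and to write
# app role assignments (Graph documents AppRoleAssignment.ReadWrite.All for
# the POST below) — confirm against the tenant's consented permissions.
credential = ClientSecretCredential(tenant_id, client_id, client_secret)


def _graph_headers():
    """Return request headers carrying a bearer token for Microsoft Graph.

    The token is requested per call; azure-identity is expected to cache and
    refresh it internally, so this avoids reusing an expired token across
    long-running tasks.
    """
    access_token = credential.get_token(GRAPH_SCOPE).token
    return {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}


def _escape_odata_literal(value):
    """Escape *value* for use inside a single-quoted OData string literal.

    A single quote inside the literal is doubled, so a caller-supplied value
    cannot terminate the literal and change the meaning of the ``$filter``.
    """
    return str(value).replace("'", "''")


def get_service_principal_by_app_id(app_id):
    """Retrieve the service principal ID by the application (client) ID.

    Args:
        app_id: Application (client) ID of the Azure AD application.

    Returns:
        The object ID of the first matching service principal, or ``None``
        when none exists or Graph answers with an HTTP error.  Non-HTTP
        failures (connection errors, timeouts) propagate to the caller.
    """
    # app_id is interpolated into an OData expression, so escape it rather
    # than assuming it is always a well-formed GUID.
    url = f"{GRAPH_BASE}/servicePrincipals?$filter=appId eq '{_escape_odata_literal(app_id)}'"
    response = requests.get(url, headers=_graph_headers(), timeout=REQUEST_TIMEOUT)
    try:
        response.raise_for_status()
    except requests.exceptions.HTTPError as e:
        print(f"Failed to retrieve Service Principal: {e.response.status_code} - {e.response.text}")
        return None
    # 'value' may be absent or null; treat both like an empty result set.
    service_principals = response.json().get('value') or []
    if not service_principals:
        print(f"No Service Principal found for App ID: {app_id}")
        return None
    service_principal_id = service_principals[0]['id']
    print(f"Service Principal for App ID '{app_id}' found with ID: {service_principal_id}")
    return service_principal_id


def get_app_role_id_by_name(service_principal_id, role_name):
    """Retrieve the app role ID by role name from a service principal.

    Args:
        service_principal_id: Object ID of the service principal that defines
            the roles.
        role_name: ``displayName`` of the app role to look up.

    Returns:
        The app role's ID, or ``None`` when no role carries that display name
        or Graph answers with an HTTP error.
    """
    url = f"{GRAPH_BASE}/servicePrincipals/{service_principal_id}/appRoles"
    response = requests.get(url, headers=_graph_headers(), timeout=REQUEST_TIMEOUT)
    try:
        response.raise_for_status()
    except requests.exceptions.HTTPError as e:
        print(f"Failed to retrieve App Role: {e.response.status_code} - {e.response.text}")
        return None
    # A missing or null 'value' would otherwise make the loop raise TypeError.
    app_roles = response.json().get('value') or []
    for role in app_roles:
        if role.get('displayName') == role_name:
            print(f"App Role '{role_name}' found with ID: {role['id']}")
            return role['id']
    print(f"No App Role found with the name: {role_name}")
    return None


def assign_app_role_to_user(user_id, service_principal_id, app_role_id):
    """Assign an app role to a user.

    Args:
        user_id: Object ID of the user receiving the role.
        service_principal_id: Object ID of the service principal (the
            resource the role belongs to).
        app_role_id: ID of an app role defined on that service principal.

    Returns:
        ``True`` when Graph accepted the assignment, ``False`` when it
        answered with an HTTP error (details are printed either way).
    """
    url = f"{GRAPH_BASE}/users/{user_id}/appRoleAssignments"
    payload = {
        "principalId": user_id,
        "resourceId": service_principal_id,
        "appRoleId": app_role_id,
    }
    response = requests.post(url, headers=_graph_headers(), json=payload, timeout=REQUEST_TIMEOUT)
    try:
        response.raise_for_status()
    except requests.exceptions.HTTPError as e:
        print(f"Failed to assign app role to user: {e.response.status_code} - {e.response.text}")
        return False
    print(f"App role with ID: {app_role_id} assigned to user with ID: {user_id} for Service Principal ID: {service_principal_id}")
    return True


# Example usage:
app_id = "your-app-id"  # Application (client) ID of the Azure AD application
# user_id = "7f16743b-2b12-4697-b065-d9637a1b30e7"  # Object ID of the user
# user_info to be received from upstream task
user_id = user_info["id"]
role_name = "Writers_Test_App_Role"  # Role name to fetch the role ID

# Get the Service Principal ID by application ID
service_principal_id = get_service_principal_by_app_id(app_id)
if service_principal_id:
    app_role_id = get_app_role_id_by_name(service_principal_id, role_name)
    if app_role_id:
        # Assign the app role to the user if the role was found
        assign_app_role_to_user(user_id, service_principal_id, app_role_id)

"""
# Sample Output
Service Principal for App ID 'eff3e8cd-ecca-442f-936c-dffadf4fb44f' found with ID: 91da2692-4b04-4c22-bbe1-6b4bc5fe6784
App Role 'Writers_Test_App_Role' found with ID: 61c079fd-f368-4205-ad71-2f8abcd3b81a
App role with ID: 61c079fd-f368-4205-ad71-2f8abcd3b81a assigned to user with ID: 7f16743b-2b12-4697-b065-d9637a1b30e7 for Service Principal ID: 91da2692-4b04-4c22-bbe1-6b4bc5fe6784
"""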