New-EntraGroupAppRoleAssignment

Assign a group of users to an application role.

Syntax

New-EntraGroupAppRoleAssignment
   -GroupId <String>
   -PrincipalId <String>
   -AppRoleId <String>
   -ResourceId <String>
   [<CommonParameters>]

Description

The New-EntraGroupAppRoleAssignment cmdlet assigns a group of users to an application role in Microsoft Entra ID.

Examples

Example 1: Assign a group of users to an application

Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "Displayname eq 'Box'"
$group = Get-EntraGroup -SearchString 'Contoso Global'
New-EntraGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id -ResourceId $servicePrincipal.Id -AppRoleId $servicePrincipal.Approles[1].Id

DeletedDateTime        Id                                          AppRoleId                            CreatedDateTime      PrincipalDisplayName PrincipalId
---------------        --                                          ---------                            ---------------      -------------------- -----------
                      AaBbCcDdEeFfGgHhIiJjKkLlMmNnOo1 00000000-0000-0000-0000-000000000000 3/13/2024 4:41:43 AM Contoso Team         aaaaaaaa-bbbb-cccc-1111-222222222222
3/13/2024 4:45:00 AM  BbCcDdEeFfGgHhIiJjKkLlMmNnOoPp2 00000000-0000-0000-0000-000000000000 3/13/2024 4:45:00 AM Finance Group        bbbbbbbb-cccc-dddd-2222-333333333333

This example demonstrates how to assign a group of users to an application role in Microsoft Entra ID.

  • GroupId: The ID of the group to which you're assigning the app role.
  • PrincipalId: The ID of the group to which you're assigning the app role. In this example it is the same group ID that is passed to GroupId.
  • ResourceId: The ID of the resource service principal that defines the app role.
  • AppRoleId: The ID of the appRole (defined on the resource service principal) to assign to the group.
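
A more defensive variant of Example 1, added here and not part of the original documentation: it selects the app role by its value instead of by its position in the AppRoles array, rejects ambiguous lookups, and skips the call when the assignment already exists. The role value 'Contributor' is a hypothetical placeholder; the application and group names are the ones used in Example 1.

```powershell
# Added example, not from the original page.
$appName   = 'Box'              # display names taken from Example 1
$groupName = 'Contoso Global'
$roleValue = 'Contributor'      # assumption: replace with a role value the app defines

Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All'

# Resolve each object with an exact-match filter and refuse ambiguous results.
$spMatches    = @(Get-EntraServicePrincipal -Filter "displayName eq '$appName'")
$groupMatches = @(Get-EntraGroup -Filter "displayName eq '$groupName'")
if ($spMatches.Count -ne 1)    { throw "Expected 1 service principal named '$appName', found $($spMatches.Count)." }
if ($groupMatches.Count -ne 1) { throw "Expected 1 group named '$groupName', found $($groupMatches.Count)." }
$servicePrincipal = $spMatches[0]
$group            = $groupMatches[0]

# Select the role by value, not by array index, so a reordered AppRoles list
# cannot silently grant a different role. A group can only be assigned a role
# that is enabled and allows the 'User' member type.
$roleMatches = @($servicePrincipal.AppRoles | Where-Object {
    $_.Value -eq $roleValue -and $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User'
})
if ($roleMatches.Count -ne 1) { throw "Expected 1 assignable role '$roleValue' on '$appName', found $($roleMatches.Count)." }
$appRole = $roleMatches[0]

# Skip the write if this group already holds this role on this resource.
$existing = Get-EntraGroupAppRoleAssignment -GroupId $group.Id -All |
    Where-Object { $_.ResourceId -eq $servicePrincipal.Id -and $_.AppRoleId -eq $appRole.Id }

if ($existing) {
    Write-Output "Group '$groupName' already has role '$roleValue' on '$appName'."
} else {
    $params = @{
        GroupId     = $group.Id
        PrincipalId = $group.Id
        ResourceId  = $servicePrincipal.Id
        AppRoleId   = $appRole.Id
    }
    New-EntraGroupAppRoleAssignment @params
}
```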

Parameters

-AppRoleId

Specifies the ID of the app role (defined on the resource service principal) to assign.

Type: System.String
Aliases: Id
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-GroupId

Specifies the ID of a group in Microsoft Entra ID.

Type: System.String
Aliases: ObjectId
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-PrincipalId

Specifies the principal ID, which is the ID of the group to which the app role is assigned.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-ResourceId

The unique identifier (ID) for the resource service principal for which the assignment is made.
Required on create. Supports $filter (eq only).

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False