New-EntraGroupAppRoleAssignment
Assign a group of users to an application role.
Syntax
New-EntraGroupAppRoleAssignment
-GroupId <String>
-PrincipalId <String>
-AppRoleId <String>
-ResourceId <String>
[<CommonParameters>]
Description
The New-EntraGroupAppRoleAssignment
cmdlet assigns a group of users to an application role in Microsoft Entra ID.
Examples
Example 1: Assign a group of users to an application
Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "Displayname eq 'Box'"
$group = Get-EntraGroup -SearchString 'Contoso Global'
New-EntraGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id -ResourceId $servicePrincipal.Id -AppRoleId $servicePrincipal.Approles[1].Id
DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId
--------------- -- --------- --------------- -------------------- -----------
AaBbCcDdEeFfGgHhIiJjKkLlMmNnOo1 00000000-0000-0000-0000-000000000000 3/13/2024 4:41:43 AM Contoso Team aaaaaaaa-bbbb-cccc-1111-222222222222
3/13/2024 4:45:00 AM BbCcDdEeFfGgHhIiJjKkLlMmNnOoPp2 00000000-0000-0000-0000-000000000000 3/13/2024 4:45:00 AM Finance Group bbbbbbbb-cccc-dddd-2222-333333333333
This example demonstrates how to assign a group of users to an application role in Microsoft Entra ID.
GroupId
: The ID of the group to which you're assigning the app role.PrincipalId
: The ID of the group to which you're assigning the app role.ResourceId
: The ID of the resource service Principal, which has defined the app role.AppRoleId
: The ID of the appRole (defined on the resource service principal) to assign to the group.
Parameters
-AppRoleId
Specifies the ID of the app role (defined on the resource service principal) to assign.
Type: | System.String |
Aliases: | Id |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-GroupId
Specifies the ID of a group in Microsoft Entra ID.
Type: | System.String |
Aliases: | ObjectId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-PrincipalId
Specifies the principal ID.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceId
The unique identifier (ID) for the resource service principal for which the assignment is made.
Required on create. Supports $filter (eq only).
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |