Azure AD应用程序读取组成员身份 [英] Azure AD App Read Group membership

问题描述

我正在创建一个维护应用程序，以从AAD读取所有组成员身份.

I am creating a maintenance app to read all group membership from AAD.

以用户身份登录后，我可以阅读所有详细信息-用户和组.当我使用Powershell读取用户详细信息时-我能够做到.我的用户有权阅读AD用户和组详细信息.

When I logged in as user, I am able to read all details -Users and Groups. When I use powershell to read users details - I am able to do. My user have access to read AD User and Group details.

当我尝试将权限分配给AD App时，需要管理员同意才能读取其他用户/组详细信息.基本上，Azure Graph RBAC读取其他详细信息始终需要管理员同意.我想通过模拟用户到AD App来完成任务，而无需征得管理员的同意.当我尝试使其自动化时，多因素身份验证始终会阻止我.任何帮助！

When I try to assign the permission to AD App it needs admin consent to read other user/group details. Basically Azure Graph RBAC reading other details always need admin consent. I want to accomplish the task with my user impersonation to the AD App without asking admin consent. Multifactor authentication always block me when I try to automate it. any help!

推荐答案

如果您是管理员，则还可以代表租户中的所有用户同意应用程序的委派权限.这将阻止在租户中为每个用户显示同意对话框.

If you're an administrator, you can also consent to an application's delegated permissions on behalf of all the users in your tenant. This will prevent the consent dialog from appearing for every user in the tenant.

您可以在应用程序页面的Azure门户中执行此操作.在应用程序的设置"边栏选项卡中，单击必需的权限"，然后单击授予权限按钮.

You can do this from the Azure portal from your application page. From the Settings blade for your application, click Required Permissions and click on the Grant Permissions button.

有关向Azure AD中的APP授予权限的更多详细信息，请参考此文档.

More details about Grant permissions to an APP in Azure AD, refer to this document.

这篇关于Azure AD应用程序读取组成员身份的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！