PowerShell Basics: How to Create an Azure AD App Registration

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: ITOps Talk Blog articles.

Azure Active Directory (Azure AD) is Microsoft's fully managed multi-tenant identity and access capabilities for app service. More organizations are now harnessing the security capabilities of Azure AD into the apps they create for an additional layer of authentication. This post will cover how to register an app to Azure AD via PowerShell to take advantage of this.

 

Prerequisite

 

The Azure AD Module needs to be added to PowerShell prior to getting started. Execute the command below in PowerShell using elevated or Administrative status: 

 

Install-Module AzureAD

 

Once the Azure AD Module is installed, run the following command in the same PowerShell window to connect to the required Azure AD tenant: 

 

Connect-AzureAD

NOTE: The required TenantId will be required in subscriptions with multiple tenants. The TenantId value can be found in the Azure Portal navigating to Azure Active Directory > Properties and is listed under Directory ID.

 

AzureAD_App_Registration_TenantId_001.pngAzure Active Directory TenantId

 

Run the following command in the same PowerShell window to connect to the specific Azure AD TenantId (if required): 

 

Connect-AzureAD -TenantId *Insert Directory ID here*

 

Step 1: Creating the Azure AD App Registration

 

Next the following cmdlet is run, now that required Azure AD tenant is connected to PowerShell, to capture the name of the application and the IdentifierURI.

 

$appName = "TailwindTradersSalesApp"
$appURI = "https://tailwindtraderssalesapp.twtmitt.onmicrosoft.com"
$appHomePageUrl = "http://www.tailwindtraders.com/"
$appReplyURLs = @($appURI, $appHomePageURL, "https://localhost:1234")
if(!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'"  -ErrorAction SilentlyContinue))
{
    $myApp = New-AzureADApplication -DisplayName $appName -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs    
}

 

Step 2: Adding the App Key

 

With the required URIs now captured, it is time to add the application key.  The key will be stored in the Azure Key Vault which ensures the it's security and disallows unauthorized access. Run the following command to invoke this process: 

 

$Guid = New-Guid
$startDate = Get-Date
    
$PasswordCredential = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordCredential
$PasswordCredential.StartDate = $startDate
$PasswordCredential.EndDate = $startDate.AddYears(1)
$PasswordCredential.KeyId = $Guid
$PasswordCredential.Value = ([System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(($Guid))))

 

NOTE: The PasswordCredential value is created as a Base64 value and is saved in the Azure Key Vault.

 

This process can also be completed via the Azure Portal but will take much more time to complete.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.