-1

I have to create an application and service principal in the customer tenant using the partner tenant's app credentials, as the partner tenant is also an admin for all its customers.
This should be done with no user intervention.
Is it possible to do this? Any help will be appreciated.

smootherbug
  • You can't use partner tenant's app credentials to call Microsoft Graph in the customer's tenant because the access token is for partner's tenant. You should use customer tenant's app credentials to do it. You are the CSP admin and should be able to create the app credentials in customer tenant. – Allen Wu Jan 26 '21 at 05:30
  • @AllenWu, I understood the first point. What I am not able to figure out is this: "You are the CSP admin and should be able to create the app credentials in customer tenant." How can I create app credentials in the customer tenant programmatically? As the customer is new, how can I achieve that using CSP admin credentials is my question. – smootherbug Jan 27 '21 at 05:55
  • You have to create the **FIRST** Azure AD app manually. Then it can provide the application credentials to call Microsoft Graph. See the comment before under this answer: https://stackoverflow.com/questions/65826554/assign-azure-csp-subscriptions-to-your-customers-programmatically?answertab=votes#tab-top. – Allen Wu Jan 27 '21 at 06:08

1 Answer

0

When you use app credentials, what you trigger is the client credentials flow. The token you get will be for the tenant where the app is registered, i.e. the partner tenant in this case. If you want to create app registrations and service principals in the customer's tenant, I believe you need to use the app credentials from the customer's tenant and use this MS Graph API to create the application and service principal that you want to create, all with no user intervention.
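
The flow described in this answer, as an added example that is not part of the original answer: a client credentials token is requested from the customer tenant's endpoint, its `tid` claim is checked against that tenant, and Microsoft Graph is then called to create the application and its service principal. Assumptions: the client ID and secret belong to an app already present in the customer tenant with the `Application.ReadWrite.All` application permission consented, the tenant ID is given as a GUID, and the `post` parameter is a hypothetical hook so the HTTP transport can be replaced in tests.

```python
import base64, json, urllib.parse, urllib.request

LOGIN = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com/v1.0"

def http_post(url, headers, body):
    """Default transport: POST raw bytes, return the parsed JSON response."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def token_tenant(access_token):
    """Read the 'tid' claim (issuing tenant) from a JWT; no signature check."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["tid"]

def get_token(tenant_id, client_id, client_secret, post=http_post):
    """Client credentials flow against one specific tenant's token endpoint."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = f"{LOGIN}/{tenant_id}/oauth2/v2.0/token"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return post(url, headers, form)["access_token"]

def create_app_and_sp(customer_tenant_id, client_id, client_secret,
                      display_name, post=http_post):
    """Create an app registration and its service principal in the customer tenant."""
    token = get_token(customer_tenant_id, client_id, client_secret, post)
    # Local sanity check only (Graph validates the token itself): stop early
    # if the token was issued by any tenant other than the intended one.
    if token_tenant(token) != customer_tenant_id:
        raise ValueError("token was not issued for the customer tenant")
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    app = post(f"{GRAPH}/applications", headers,
               json.dumps({"displayName": display_name}).encode())
    sp = post(f"{GRAPH}/servicePrincipals", headers,
              json.dumps({"appId": app["appId"]}).encode())
    return app, sp
```
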