
is there a way to add Add role to existing App registration in Azure Active Directory using REST API/CLI/Powershell?

https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps

michasaucer

2 Answers


Yes, using the Azure CLI you can specify application roles within the manifest.json. Here is an example:

[
  {
    "allowedMemberTypes": ["User"],
    "description": "Approvers can mark documents as approved",
    "displayName": "Approver",
    "isEnabled": "true",
    "value": "approver"
  }
]

The corresponding CLI command:

az ad app create --display-name mytestapp --identifier-uris https://mytestapp.websites.net --app-roles @manifest.json

Source.

Martin Brandl

Yes, this is possible. The way Martin is suggesting is not what you asked for, as that only allows the creation of an app.

You need https://learn.microsoft.com/en-us/cli/azure/ad/app?view=azure-cli-latest#az-ad-app-update. However, in order to update the list of roles you will need to fetch the existing ones first and append the role(s) you want to add.

A better option is to use https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http. This allows you to use the REST API and is much easier to use.
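The fetch-merge-update sequence the second answer describes, carried out against the Graph `applications` endpoint, as an added example that is not code from either answer. The registration object id and bearer token are assumed inputs, and the existing role list is a constructed sample shaped like the manifest from the first answer.

```python
import json
import uuid
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample of what GET /applications/{id}?$select=appRoles returns
# for a registration that already carries the "approver" role.
EXISTING_ROLES = [{
    "id": "00000000-0000-0000-0000-000000000001",  # placeholder GUID
    "allowedMemberTypes": ["User"],
    "description": "Approvers can mark documents as approved",
    "displayName": "Approver",
    "isEnabled": True,
    "value": "approver",
}]


def make_app_role(display_name, value, description, member_types=("User",)):
    """Build one appRole the way Graph expects it: a fresh GUID id and a boolean isEnabled."""
    return {
        "id": str(uuid.uuid4()),
        "allowedMemberTypes": list(member_types),
        "description": description,
        "displayName": display_name,
        "isEnabled": True,
        "value": value,
    }


def merge_app_roles(existing, new_role):
    """Return the full appRoles list to send back. PATCH replaces the whole collection,
    so sending only the new role would delete the others and orphan their assignments.
    A duplicate 'value' is refused here instead of leaving it for Graph to reject."""
    if any(r.get("value") == new_role["value"] for r in existing):
        raise ValueError(f"app role value {new_role['value']!r} already exists")
    return [*existing, new_role]


def add_app_role(object_id, new_role, token):
    """GET current roles, merge, PATCH back. object_id is the application *object* id,
    not the appId/client id. Network call; assumes a token with Application.ReadWrite.All."""
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    url = f"{GRAPH}/applications/{object_id}"
    with urllib.request.urlopen(urllib.request.Request(f"{url}?$select=appRoles", headers=headers)) as resp:
        existing = json.load(resp)["appRoles"]
    body = json.dumps({"appRoles": merge_app_roles(existing, new_role)}).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body, method="PATCH", headers=headers)) as resp:
        return resp.status  # 204 No Content on success
```

The same merged list can be handed to `az ad app update --id <object-id> --app-roles @roles.json` if you prefer the CLI over a raw PATCH.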