New-EntraGroupAppRoleAssignment
Assign a group of users to an application role.
Syntax
Default (Default)
New-EntraGroupAppRoleAssignment
-GroupId <String>
-PrincipalId <String>
-AppRoleId <String>
-ResourceId <String>
[<CommonParameters>]
Description
The New-EntraGroupAppRoleAssignment cmdlet assigns a group of users to an application role in Microsoft Entra ID.
Examples
Example 1: Assign a group of users to an application
Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All'
$servicePrincipal = Get-EntraServicePrincipal -Filter "Displayname eq 'Box'"
$group = Get-EntraGroup -SearchString 'Contoso Global'
New-EntraGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id -ResourceId $servicePrincipal.Id -AppRoleId $servicePrincipal.Approles[1].Id
DeletedDateTime Id AppRoleId CreatedDateTime PrincipalDisplayName PrincipalId
--------------- -- --------- --------------- -------------------- -----------
AaBbCcDdEeFfGgHhIiJjKkLlMmNnOo1 00000000-0000-0000-0000-000000000000 3/13/2024 4:41:43 AM Contoso Team aaaaaaaa-bbbb-cccc-1111-222222222222
3/13/2024 4:45:00 AM BbCcDdEeFfGgHhIiJjKkLlMmNnOoPp2 00000000-0000-0000-0000-000000000000 3/13/2024 4:45:00 AM Finance Group bbbbbbbb-cccc-dddd-2222-333333333333
This example demonstrates how to assign a group of users to an application role in Microsoft Entra ID.
GroupId: The ID of the group to which you're assigning the app role.PrincipalId: The ID of the group to which you're assigning the app role.ResourceId: The ID of the resource service Principal, which has defined the app role.AppRoleId: The ID of the appRole (defined on the resource service principal) to assign to the group.
Parameters
-AppRoleId
Specifies the ID of the app role (defined on the resource service principal) to assign.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Id |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-GroupId
Specifies the ID of a group in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-PrincipalId
Specifies the principal ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ResourceId
The unique identifier (ID) for the resource service principal for which the assignment is made. Required on create. Supports $filter (eq only).
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.