|
| 1 | +# Registering sample apps with the Microsoft identity platform and updating configuration files using PowerShell |
| 2 | + |
| 3 | +## Overview |
| 4 | + |
| 5 | +### Quick summary |
| 6 | + |
| 7 | +1. Set the execution policy if this is the first time you are running external scripts: |
| 8 | + |
| 9 | + ```PowerShell |
| 10 | + Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force |
| 11 | + ``` |
| 12 | + |
| 13 | +1. Run the script to create your Azure AD application and configure the code of the sample application accordingly. |
| 14 | + |
| 15 | + ```PowerShell |
| 16 | + cd .\AppCreationScripts\ |
| 17 | + .\Configure.ps1 -TenantId "your test tenant's id" -AzureEnvironmentName "[Optional] - Azure environment, defaults to 'Global'" |
| 18 | + ``` |
| 19 | + |
| 20 | +### More details |
| 21 | + |
| 22 | +- [Goal of the provided scripts](#goal-of-the-provided-scripts) |
| 23 | + - [Presentation of the scripts](#presentation-of-the-scripts) |
| 24 | + - [Usage pattern for tests and DevOps scenarios](#usage-pattern-for-tests-and-devops-scenarios) |
| 25 | +- [How to use the app creation scripts?](#how-to-use-the-app-creation-scripts) |
| 26 | + - [Pre-requisites](#pre-requisites) |
| 27 | + - [Run the script and start running](#run-the-script-and-start-running) |
| 28 | + - [Two ways to run the script](#two-ways-to-run-the-script) |
| 29 | + - [Option 1 (interactive)](#option-1-interactive) |
| 30 | + - [Option 2 (Interactive, but create apps in a specified tenant)](#option-2-Interactive-but-create-apps-in-a-specified-tenant) |
| 31 | + - [Running the script on Azure Sovereign clouds](#running-the-script-on-azure-sovereign-clouds) |
| 32 | + |
| 33 | +## Goal of the provided scripts |
| 34 | + |
| 35 | +### Presentation of the scripts |
| 36 | + |
| 37 | +This sample comes with two PowerShell scripts, which automate the creation of the Azure Active Directory applications, and the configuration of the code for this sample. Once you run them, you will only need to build the solution and you are good to test. |
| 38 | + |
| 39 | +These scripts are: |
| 40 | + |
| 41 | +- `Configure.ps1` which: |
| 42 | + - creates Azure AD applications and their related objects (permissions, dependencies, secrets, app roles), |
| 43 | + - changes the configuration files in the sample projects. |
| 44 | + - creates a summary file named `createdApps.html` in the folder from which you ran the script, and containing, for each Azure AD application it created: |
| 45 | + - the identifier of the application |
| 46 | + - the AppId of the application |
| 47 | + - the url of its registration in the [Azure portal](https://portal.azure.com). |
| 48 | + |
| 49 | +- `Cleanup.ps1` which cleans-up the Azure AD objects created by `Configure.ps1`. Note that this script does not revert the changes done in the configuration files, though. You will need to undo the change from source control (from Visual Studio, or from the command line using, for instance, `git reset`). |
| 50 | + |
| 51 | +> :information_source: If the sample supports using certificates instead of client secrets, this folder will contain an additional set of scripts: `Configure-WithCertificates.ps1` and `Cleanup-WithCertificates.ps1`. You can use them in the same way to register app(s) that use certificates instead of client secrets. |
| 52 | +
|
| 53 | +### Usage pattern for tests and DevOps scenarios |
| 54 | + |
| 55 | +The `Configure.ps1` will stop if it tries to create an Azure AD application which already exists in the tenant. For this, if you are using the script to try/test the sample, or in DevOps scenarios, you might want to run `Cleanup.ps1` just before `Configure.ps1`. This is what is shown in the steps below. |
| 56 | + |
| 57 | +## How to use the app creation scripts? |
| 58 | + |
| 59 | +### Pre-requisites |
| 60 | + |
| 61 | +1. PowerShell 7 or later (see: [installing PowerShell](https://learn.microsoft.com/powershell/scripting/install/installing-powershell)) |
| 62 | +1. Open PowerShell (On Windows, press `Windows-R` and type `PowerShell` in the search window) |
| 63 | + |
| 64 | +### (Optionally) install Microsoft.Graph.Applications PowerShell modules |
| 65 | + |
| 66 | +The scripts install the required PowerShell module (Microsoft.Graph.Applications) for the current user if needed. However, if you want to install if for all users on the machine, you can follow the following steps: |
| 67 | + |
| 68 | +1. If you have never done it already, in the PowerShell window, install the Microsoft.Graph.Applications PowerShell modules. For this: |
| 69 | + |
| 70 | + 1. Open PowerShell |
| 71 | + 2. Type: |
| 72 | + |
| 73 | + ```PowerShell |
| 74 | + Install-Module Microsoft.Graph.Applications |
| 75 | + ``` |
| 76 | +
|
| 77 | + or if you want the modules to be installed for the current user only, run: |
| 78 | +
|
| 79 | + ```PowerShell |
| 80 | + Install-Module Microsoft.Graph.Applications -Scope CurrentUser |
| 81 | + ``` |
| 82 | +
|
| 83 | +### Run the script and start running |
| 84 | +
|
| 85 | +1. Go to the `AppCreationScripts` sub-folder. From the folder where you cloned the repo, |
| 86 | +
|
| 87 | + ```PowerShell |
| 88 | + cd AppCreationScripts |
| 89 | + ``` |
| 90 | +
|
| 91 | +1. Run the scripts. See below for the [two options](#two-ways-to-run-the-script) to do that. |
| 92 | +1. Open the Visual Studio solution, and in the solution's context menu, choose **Set Startup Projects**. |
| 93 | +1. select **Start** for the projects |
| 94 | +
|
| 95 | +You're done! |
| 96 | +
|
| 97 | +### Two ways to run the script |
| 98 | +
|
| 99 | +We advise four ways of running the script: |
| 100 | +
|
| 101 | +- Interactive: you will be prompted for credentials, and the scripts decide in which tenant to create the objects, |
| 102 | +- Interactive in specific tenant: you will provide the tenant in which you want to create the objects and then you will be prompted for credentials, and the scripts will create the objects, |
| 103 | +
|
| 104 | +Here are the details on how to do this. |
| 105 | +
|
| 106 | +#### Option 1 (interactive) |
| 107 | +
|
| 108 | +- Just run ``.\Configure.ps1``, and you will be prompted to sign-in (email address, password, and if needed MFA). |
| 109 | +- The script will be run as the signed-in user and will use the tenant in which the user is defined. |
| 110 | +
|
| 111 | +Note that the script will choose the tenant in which to create the applications, based on the user. Also to run the `Cleanup.ps1` script, you will need to re-sign-in. |
| 112 | +
|
| 113 | +#### Option 2 (Interactive, but create apps in a specified tenant) |
| 114 | +
|
| 115 | + if you want to create the apps in a particular tenant, you can use the following option: |
| 116 | + |
| 117 | +- Open the [Azure portal](https://portal.azure.com) |
| 118 | +- Select the Azure Active directory you are interested in (in the combo-box below your name on the top right of the browser window) |
| 119 | +- Find the "Active Directory" object in this tenant |
| 120 | +- Go to **Properties** and copy the content of the **Directory Id** property |
| 121 | +- Then use the full syntax to run the scripts: |
| 122 | +
|
| 123 | +```PowerShell |
| 124 | +$tenantId = "yourTenantIdGuid" |
| 125 | +. .\Cleanup.ps1 -TenantId $tenantId |
| 126 | +. .\Configure.ps1 -TenantId $tenantId |
| 127 | +``` |
| 128 | + |
| 129 | +### Running the script on Azure Sovereign clouds |
| 130 | + |
| 131 | +All the four options listed above can be used on any Azure Sovereign clouds. By default, the script targets `AzureCloud`, but it can be changed using the parameter `-AzureEnvironmentName`. |
| 132 | + |
| 133 | +The acceptable values for this parameter are: |
| 134 | + |
| 135 | +- AzureCloud |
| 136 | +- AzureChinaCloud |
| 137 | +- AzureUSGovernment |
| 138 | + |
| 139 | +Example: |
| 140 | + |
| 141 | + ```PowerShell |
| 142 | + . .\Cleanup.ps1 -AzureEnvironmentName "AzureUSGovernment" |
| 143 | + . .\Configure.ps1 -AzureEnvironmentName "AzureUSGovernment" |
| 144 | + ``` |
0 commit comments