You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#Customer intent: As an Azure AD administrator, I want to assign owners to enterprise applications.
17
18
---
18
19
19
20
# Assign enterprise application owners
20
21
21
-
As an [owner of an enterprise application](overview-assign-app-owners.md) in Azure Active Directory (Azure AD), a user can manage the organization-specific configuration of it, such as single sign-on, provisioning, and user assignments. An owner can also add or remove other owners. Unlike Global Administrators, owners can manage only the enterprise applications they own. In this article, you learn how to assign an owner of an application.
22
+
An [owner of an enterprise application](overview-assign-app-owners.md) in Azure Active Directory (Azure AD)can manage the organization-specific configuration of the application, such as single sign-on, provisioning, and user assignments. An owner can also add or remove other owners. Unlike Global Administrators, owners can manage only the enterprise applications they own. In this article, you learn how to assign an owner of an application.
22
23
23
24
## Assign an owner
24
25
26
+
:::zone pivot="portal"
27
+
25
28
To assign an owner to an enterprise application:
26
29
27
30
1. Sign in to [your Azure AD organization](https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview) with an account that is eligible for the **Application Administrator** role or the **Cloud Application Administrator** role for the organization.
@@ -30,10 +33,49 @@ To assign an owner to an enterprise application:
30
33
4. Search for and select the user account that you want to be an owner of the application.
31
34
5. Click **Select** to add the user account that you chose as an owner of the application.
32
35
36
+
:::zone-end
37
+
38
+
:::zone pivot="ms-powershell"
39
+
40
+
Use the following Microsoft Graph PowerShell cmdlet to add an owner to an enterprise application.
41
+
42
+
You'll need to consent to the `Application.ReadWrite.All` permission.
43
+
44
+
In the following example, the user's object ID is 8afc02cb-4d62-4dba-b536-9f6d73e9be26 and the applicationId is 46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b.
To assign an owner to an application, sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) with one of the roles listed in the prerequisite section.
60
+
61
+
You'll need to consent to the `Application.ReadWrite.All` permission.
62
+
63
+
Run the following Microsoft Graph query to assign an owner to an application. You need the object ID of the user you want to assign the application to. In the following example, the user's object ID is 8afc02cb-4d62-4dba-b536-9f6d73e9be26 and the appId is 46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b.
64
+
65
+
```http
66
+
POST https://graph.microsoft.com/v1.0/servicePrincipals(appId='46e6adf4-a9cf-4b60-9390-0ba6fb00bf6b')/owners/$ref
> If the user setting **Restrict access to Azure AD administration portal** is set to `Yes`, non-admin users will not be able to use the Azure portal to manage the applications they own. For more information about the actions that can be performed on owned enterprise applications, see [Owned enterprise applications](../fundamentals/users-default-permissions.md#owned-enterprise-applications).
35
78
36
-
37
79
## Next steps
38
80
39
81
-[Delegate app registration permissions in Azure Active Directory](../roles/delegate-app-roles.md)
0 commit comments