Hands on Azure Active Directory Service Principals and Azure REST API Examples with Postman
- Published: 7 Feb 2025
- Practical examples of how to create Azure AD Service Principals and how to call Azure REST APIs
0:00 Start
1:19 Application Architecture (Single Tenant, Multi Tenant)
3:20 Authentication Options (Delegated, Application)
4:07 Create a Service Principal (Single Tenant - Application permissions)
7:59 Postman - Get Token
10:47 Get a List of Virtual Machines using REST API
15:13 Create a Service Principal (Single Tenant - Delegated permissions)
17:58 Getting Access on behalf of a user
18:42 Get code from (login.microsof...)
20:49 Postman - Get Token using the code and get list of Virtual Machines
23:45 Multitenant Service Principals - Application Permissions
25:10 Create a Service Principal (Multitenant - Application Permissions)
29:01 Create Enterprise Application Registration
32:07 Postman - Get Token using the code and get list of Virtual Machines
I landed on this video after spending an entire day trying to understand these concepts. You nailed it. Thanks, man.
Very helpful video. Please make more videos on Azure :)
This video has genuinely saved me hours! Can you please make one on OBO flow, HOBO V2? We need more people like you!
Thank you a tonne.
Great video... I am searching for login using Active Directory user/pwd, also create user API
Good stuff - The South African accent is also refreshing :)
No hiding my accent :) Even more difficult for an Afrikaans guy like me. Have fun with Azure Active Directory!
@cornelhuman1940 Azure ftw! I'm also Afrikaans - You speak English deliciously :)
Very nice video! Finally understand what a service principal is!
Simply awesome. Outstanding demos and explanation.
This is a gem... can't thank you enough
Great. Thx!
you made my day 😀
Nice and great video, it truly helps me to understand how to call the REST API for Azure resources. Can you post the Postman queries you showed in the demo? It is hard to see and type from videos.
Great content !
@Cornel Human
I'm getting an error like:
{
"error": {
"code": "LinkedAuthorizationFailed",
"message": "The client 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx' with object id 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx' has permission to perform action 'Microsoft.Authorization/roleDefinitions/write' on scope '/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx'; however, it does not have permission to perform action 'Microsoft.Authorization/roleDefinitions/write' on the linked scope(s) '/providers/Microsoft.Management/managementGroups/marketing-group' or the linked scope(s) are invalid."
}
}
I have followed exactly the same steps stated between 12:10 - 15:00
PS: I'm trying to create a custom role through the REST API.
Please help me
Is there an article which explains the rules to generate the registration link we are going to send to the external tenants?
Just replace {clientid} with your clientid. The Service Principal needs to be a multi tenant one for this to work.
Depending on what you do, it may need extra access roles defined on the resources it needs access to.
login.microsoftonline.com/common/oauth2/authorize?client_id={clientid}&prompt=admin_consent&response_type=code
So we are investigating implementing a similar Azure AD application proxy, i.e. initial user authentication and then acting as a reverse proxy to the internal web applications.
We see this as a requirement to securely allow our employees to access selected internal applications from their own devices from external (internet).
So could you assist please with guidance on how this can be achieved?
Also how can we enable/implement SMS and email?
Hi Zaza, in general the idea with this Azure Active Directory video was around developing applications that authenticate using Active Directory. What you are talking about sounds more like you are looking to implement a VPN. And there are VPN solutions that can authenticate with Active Directory. When you say you are looking for email and SMS, what are you looking for: an email service provider like Gmail or Office365? And for SMS, are you looking for 2 factor authentication or to actually send SMSes to your clients? There would be many factors to consider: size of company, number of clients, budget etc. And security is a large problem these days with ever increasing amounts of cyber attacks. A lot of people try to save money by going the cheap route, and then pay the price when their security gets compromised.
Great video but watch out for references to 'AD' and 'Active Directory' which should instead be 'AAD' and 'Azure Active Directory'.
Tu