You can automate creation with Microsoft Graph API or Azure AD Graph API (though you should prefer MS Graph when possible).
In this case, since you have what is basically a batch scenario on your hands, I feel PowerShell might be a good option.
There is a PowerShell module for administering Azure AD:
First you sign in with
Connect-AzureAD
Then we can create an Application:
$app = New-AzureADApplication -DisplayName 'Created from PS' -IdentifierUris @('https://mytenant.onmicrosoft.com/PSTest1')
Then we need to create the service principal; this is normally done by the portal:
$sp = New-AzureADServicePrincipal -AppId $app.AppId -AppRoleAssignmentRequired $true
Note the AppRoleAssignmentRequired parameter.
Setting it to true will require users to be assigned to the app before they can log in.
If you don't want that, just leave it out.
Now we can assign users.
You will need a user's ObjectId to assign them to the app.
You can use Get-AzureADUser in various ways to get the users you want to assign.
But the assignment can then be done like this:
New-AzureADUserAppRoleAssignment -Id '00000000-0000-0000-0000-000000000000' -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -ObjectId $user.ObjectId
If you had specified roles in your app for users, you could use the role's id instead of all zeros.
All zeros translates to "Default access" in the portal.
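The steps above combined into one batch script, as an added example that is not part of the original answer. The user principal names are constructed sample values, and the script assumes the AzureAD module is installed; it also checks that assignment is really required and skips users who are already assigned, so it can be re-run safely.

```powershell
# Added example: batch-assign users to an app that requires assignment.
# Assumes the AzureAD module is installed; sign-in is interactive.
Import-Module AzureAD
Connect-AzureAD | Out-Null

# Constructed sample input: replace with the users who should get access.
$userPrincipalNames = @(
    'alice@mytenant.onmicrosoft.com',
    'bob@mytenant.onmicrosoft.com'
)
# All zeros is "Default access"; use a role's id if the app defines roles.
$roleId = '00000000-0000-0000-0000-000000000000'

$app = New-AzureADApplication -DisplayName 'Created from PS' `
    -IdentifierUris @('https://mytenant.onmicrosoft.com/PSTest1')
$sp = New-AzureADServicePrincipal -AppId $app.AppId -AppRoleAssignmentRequired $true

# Re-read the service principal and confirm the gate is on before granting access.
$sp = Get-AzureADServicePrincipal -ObjectId $sp.ObjectId
if (-not $sp.AppRoleAssignmentRequired) {
    throw "AppRoleAssignmentRequired is not set on '$($sp.DisplayName)'"
}

# Principals that already hold an assignment, so duplicates are skipped.
$existing = @(Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Select-Object -ExpandProperty PrincipalId)

foreach ($upn in $userPrincipalNames) {
    try {
        $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
    } catch {
        Write-Warning "User not found, skipped: $upn"
        continue
    }
    if ($existing -contains $user.ObjectId) {
        Write-Host "Already assigned: $upn"
        continue
    }
    New-AzureADUserAppRoleAssignment -Id $roleId -PrincipalId $user.ObjectId `
        -ResourceId $sp.ObjectId -ObjectId $user.ObjectId | Out-Null
    Write-Host "Assigned: $upn"
}

# Audit: list every principal that can now sign in to the app.
Get-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -All $true |
    Select-Object PrincipalDisplayName, PrincipalType, Id
```

The final listing is worth keeping as a record: with assignment required, it is the complete set of principals allowed to sign in to the app.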