Assign all users to an application automatically?

Question

I've configured SSO in AzureAD with Freshdesk.  It's working, for the most part, but it seems that I have to go through every user in the AzureAD portal and assign them to the Freshdesk app.  There's got to be a better way to do this...  Is there some way to open an app up to anyone in our AzureAD, without having to be specifically assigned to it?

Answer 1

You can make a csv file contains all the user you want to assign, then send post request to assign them using graph API(https://graph.windows.net/myorganization/servicePrincipals/{0}/appRoleAssignedTo?api-version=1.5)

Please check this blog for details how to bulk assign user with PowerShell:

http://www.edutech.me.uk/administration/script-bulk-assign-users-to-saas-application-using-graph-api-adal/

Answer 2

https://azure.microsoft.com/en-us/updates/azure-active-directory-dynamic-membership-for-groups/

---

Mike Crowley | MVP
My Blog -- Baseline Technologies

Answer 3

You need to assign any app to a user before they can use it. But you can simply do that by enabling the All Users group in your directory and then assign this group to the application. Now all current users will get access, and if users join they will automatically be added to the application as well.

Answer 4

Yep, that's essentially what the link I posted above says.

---

Mike Crowley | MVP
My Blog -- Baseline Technologies

Answer 5

Why don't you use Group based permission assignment? Create a Dynamic Group and add "All Users" keyword.  That will include all users from your tenant. 

---

Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA

My Books: | Windows Server Security | Windows Server 2012

Blogs | Twitter | LinkedIn | Facebook|

This posting is provided AS IS with no warranties, and confers no rights.

Answer 6

It seems that Dynamic Groups require AzureAD premium, which is not included in our Office 365 E1 subscription.  

I do have an existing group which would work for this purpose, sync'd from our on premises AD, but I don't see any way to assign a group to an application in AzureAD.  How would I go about assigning a group to an app?

Answer 7

How do I assign a group to an application?  When I'm looking at the application in the azureAD portal, only Users are listed, no groups.  

Answer 8

Ugh.  According to the comments on this post, assigning groups to an application isn't an option in the Office 365 edition of AzureAD, only with AzureAD Basic or Premium.  So, that's not going to work.  I'll have to take a closer look at tquangfx's links and see if I can get what I need that way.

Answer 9

https://azure.microsoft.com/en-us/updates/azure-active-directory-dynamic-membership-for-groups/

---

Mike Crowley | MVP
My Blog -- Baseline Technologies

Hmm, despite the link above explicitly stating "There is no additional charge for this feature", the actual configuration screen states otherwise:

---

Mike Crowley | MVP
My Blog -- Baseline Technologies