Add-EntraBetaPermissionToCreateAgentUsersToAgentIdentityBlueprintPrincipal

Grants permission to create Agent Users to the Agent Identity Blueprint Principal.

Syntax

Default (Default)

Add-EntraBetaPermissionToCreateAgentUsersToAgentIdentityBlueprintPrincipal
    [-AgentBlueprintId <String>]
    [<CommonParameters>]

Description

The Add-EntraBetaPermissionToCreateAgentUsersToAgentIdentityBlueprintPrincipal cmdlet adds the AgentIdUser.ReadWrite.IdentityParentedBy permission to the Agent Identity Blueprint Service Principal. This permission allows the blueprint to create agent users that are parented to agent identities. The cmdlet uses the stored AgentBlueprintId from the last New-AgentIdentityBlueprint call and the cached Microsoft Graph Service Principal ID.

Examples

Example 1: Grant permission using stored blueprint ID

Connect-Entra -Scopes 'AgentIdentityBlueprint.ReadWrite.All', 'AgentIdUser.ReadWrite.IdentityParentedBy'
New-EntraBetaAgentIdentityBlueprint -DisplayName "My Blueprint" -SponsorUserIds @("user1@contoso.com")
New-EntraBetaAgentIdentityBlueprintPrincipal
Add-EntraBetaPermissionToCreateAgentUsersToAgentIdentityBlueprintPrincipal

This example grants the AgentIdUser.ReadWrite.IdentityParentedBy permission to the Agent Identity Blueprint Service Principal that was just created.

Example 2: Grant permission using specific blueprint ID

Connect-Entra -Scopes 'AgentIdentityBlueprint.ReadWrite.All', 'AgentIdUser.ReadWrite.IdentityParentedBy'
Add-EntraBetaPermissionToCreateAgentUsersToAgentIdentityBlueprintPrincipal -AgentBlueprintId "7c0c1226-1e81-41a5-ad6c-532c95504443"

This example grants the permission to a specific Agent Identity Blueprint by providing the blueprint ID.

Parameters

-AgentBlueprintId

The ID of the Agent Identity Blueprint to grant permissions to. If not provided, uses the stored ID from the last blueprint creation.

Parameter properties

Type: System.String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

Outputs

System.Object

Returns the app role assignment response object from Microsoft Graph.

Notes

This cmdlet requires the following Microsoft Graph permissions:

  • Application.ReadWrite.All
  • AgentIdUser.ReadWrite.IdentityParentedBy

This cmdlet requires the Agent Identity Blueprint Service Principal to be created first using New-EntraBetaAgentIdentityBlueprintPrincipal.
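
Because the cmdlet returns an app role assignment on Microsoft Graph, the grant can be audited afterwards from the resource side. The following is an added example, not part of the original page or the Microsoft.Entra module: it lists every principal in the tenant that holds AgentIdUser.ReadWrite.IdentityParentedBy. It assumes an existing Connect-Entra session with Application.Read.All consented, that Invoke-MgGraphRequest from Microsoft.Graph.Authentication is available in that session, and that the permission is published as an app role on the Microsoft Graph service principal.

```powershell
# Added example: audit which principals hold the app role this cmdlet grants.
# Assumptions: Connect-Entra session with Application.Read.All, and
# Invoke-MgGraphRequest (Microsoft.Graph.Authentication) is loaded.
$ErrorActionPreference = 'Stop'
$roleValue  = 'AgentIdUser.ReadWrite.IdentityParentedBy'  # permission named on this page
$graphAppId = '00000003-0000-0000-c000-000000000000'      # well-known Microsoft Graph appId

# Resolve the tenant's Microsoft Graph service principal and its published app roles.
$uri = "https://graph.microsoft.com/v1.0/servicePrincipals?`$filter=appId eq '$graphAppId'&`$select=id,appRoles"
$graphSp = (Invoke-MgGraphRequest -Method GET -Uri $uri).value | Select-Object -First 1
if (-not $graphSp) { throw 'Microsoft Graph service principal not found in this tenant.' }

# Map the permission name to its app role ID; fail loudly if it is not published.
$role = $graphSp.appRoles | Where-Object { $_.value -eq $roleValue } | Select-Object -First 1
if (-not $role) { throw "App role '$roleValue' is not published on Microsoft Graph." }

# Page through all assignments on Microsoft Graph and keep those for this role.
$next = "https://graph.microsoft.com/v1.0/servicePrincipals/$($graphSp.id)/appRoleAssignedTo"
$holders = while ($next) {
    $page = Invoke-MgGraphRequest -Method GET -Uri $next
    $page.value | Where-Object { $_.appRoleId -eq $role.id }
    $next = $page.'@odata.nextLink'
}

# One row per principal that can create agent users parented to agent identities.
$holders | ForEach-Object {
    [pscustomobject]@{
        PrincipalDisplayName = $_.principalDisplayName
        PrincipalId          = $_.principalId
        PrincipalType        = $_.principalType
        AssignmentId         = $_.id
        CreatedDateTime      = $_.createdDateTime
    }
} | Sort-Object CreatedDateTime | Format-Table -AutoSize
```

Compare the output against the blueprint principals you intended to grant; any other row is an assignment to review.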