Create an Azure AD application and service principal for Postman
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Modules AzureRM.Resources, AzureRM.Profile | |
| #Modify below variables | |
| $SubscriptionName = "Tao Playground" | |
| $ApplicationDisplayName = "Postman" | |
| #region functions | |
| Function New-Passowrd | |
| { | |
| [CmdletBinding()] | |
| PARAM ( | |
| [Parameter(Mandatory = $true)][int]$Length, | |
| [Parameter(Mandatory = $true)][int]$NumberOfSpecialCharacters | |
| ) | |
| Add-Type -AssemblyName System.Web | |
| [Web.Security.Membership]::GeneratePassword($Length,$NumberOfSpecialCharacters) | |
| } | |
| #endregion | |
| #region main | |
| #Variables | |
| $SignOnUrl = "https://www.getpostman.com" | |
| $ReplyUrl = "https://www.getpostman.com/oauth2/callback" #Do not change this one | |
| Write-Output "Loging to Azure" | |
| Add-AzureRMAccount | |
| #Add-AzureRMAccount -Credential $AADCred | |
| $Context = Set-AzureRmContext -SubscriptionName $SubscriptionName | |
| $SubscriptionId = $Context.Subscription.SubscriptionId | |
| $TenantId = $Context.Tenant.TenantId | |
| $ApplicationPassword = New-Passowrd -Length 16 -NumberOfSpecialCharacters 0 | |
| $Application = New-AzureRmADApplication -DisplayName $ApplicationDisplayName -HomePage $SignOnUrl -IdentifierUris "http://$ApplicationDisplayName" -ReplyUrls $ReplyUrl -Password $ApplicationPassword | |
| Write-OUtput "Creating Azure AD Application Service Principal." | |
| $ApplicationServicePrincipal = New-AzureRmADServicePrincipal -ApplicationId $Application.ApplicationId | |
| Write-Output "Assigning the Contributor role to the application Service Principal..." | |
| $NewRole = $null | |
| $Retries = 0 | |
| While ($NewRole -eq $null -and $Retries -le 5) | |
| { | |
| # Sleep here for a few seconds to allow the service principal application to become active (should only take a couple of seconds normally) | |
| Start-Sleep -Seconds 10 | |
| New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $Application.ApplicationId -ErrorAction SilentlyContinue | |
| Start-Sleep -Seconds 10 | |
| $NewRole = Get-AzureRmRoleAssignment -ServicePrincipalName $Application.ApplicationId -ErrorAction SilentlyContinue | |
| $Retries++ | |
| } | |
| Write-Output "Save below information for future use:" | |
| Write-Output "Azure Subscription Id: '$SubscriptionId'" | |
| Write-Output "'$ApplicationDisplayName' application client ID: '$($Application.ApplicationId.ToString())'" | |
| Write-Output "'$ApplicationDisplayName' application client secret: '$ApplicationPassword'" | |
| Write-Output "" | |
| Write-Output "Now go to https://manage.windowsazure.com and grant postman applicaiton access to the Windows Azure Service Management API (Delegated Permission: Access Azure Service Management as Organization users" | |
| #endregion |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment