
Custom Azure Active Directory (Azure AD) roles and groups

Marketplace Managers can add custom Azure Active Directory (Azure AD) roles and groups to their marketplaces. These are different from the default roles described in the GDAP prerequisites; see Granular Delegated Admin Privileges (GDAP).

The new custom roles and groups are optional.

To add the new roles and groups, Marketplace Managers must create and authenticate an API client. For more information, see Create API clients for non-interactive applications and Authorize inbound API requests.

Then they can create custom GDAP security groups and configurations using the API client.

To create a custom GDAP security group

Description: Create a custom GDAP security group
Endpoint URL: {marketplace-base-url}/api/microsoft/v1/gdap/securityGroups
Request operation: POST
Authorization: OAuth2 ROLE_PARTNER

Mandatory parameters in the request:

  • id - Azure security group UUID. Available in the groups management section on the Azure portal.
  • region - ISO2 country code.

Note the following:

  • If you are eligible to sell to multiple countries, you must create a security group UUID record for each region.
  • Configure an “AdminAgent” security group.

JSON example:

[
  {
    "id": "35431eca-2eb0-479c-9d4a-b01e80d763d0",
    "region": "US"
  },
  {
    "id": "35431eca-2eb0-479c-9d4a-b01e80d763d0",
    "region": "CA"
  }
]

To create a custom GDAP security group configuration

Description: Create a custom GDAP security group configuration
Endpoint URL: {marketplace-base-url}/api/microsoft/v1/gdap/securityGroup/configurations
Request operation: POST
Authorization: OAuth2 ROLE_PARTNER

Mandatory parameters in the request:

JSON example:

[
  {
    "securityGroup": {
      "id": "e10cb618-2e1d-4ba3-b09f-96ea86bd7c32",
      "region": "US"
    },
    "roles": [
      {
        "id": "e300d9e7-4a2b-4295-9eff-f1c78b36cc98"
      }
    ]
  }
]
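The following is an added example, not part of the original documentation: it checks the UUIDs and region codes before building the two request bodies shown above, so a mistyped group or role ID is caught before it is granted delegated privileges. The function names, the Bearer header format, the JSON content type, and the rejection of repeated regions are assumptions; the endpoint paths and payload shapes come from this page.

```python
import json
import re
import urllib.request
import uuid

# Endpoint paths as given on this page; base URL and token are supplied by the caller.
GROUPS_PATH = "/api/microsoft/v1/gdap/securityGroups"
CONFIGS_PATH = "/api/microsoft/v1/gdap/securityGroup/configurations"
ISO2 = re.compile(r"[A-Z]{2}")  # shape check only, not a lookup in the ISO 3166 list


def check_uuid(value, what):
    """Return the canonical form of a UUID string, or raise ValueError."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{what} is not a UUID: {value!r}") from None


def security_group_records(group_id, regions):
    """Build one {id, region} record per region for the securityGroups call."""
    group_id = check_uuid(group_id, "security group id")
    seen, records = set(), []
    for region in regions:
        if not isinstance(region, str) or not ISO2.fullmatch(region):
            raise ValueError(f"region must be an ISO2 country code: {region!r}")
        if region in seen:  # assumption: one record per region, so repeats are errors
            raise ValueError(f"duplicate region: {region}")
        seen.add(region)
        records.append({"id": group_id, "region": region})
    return records


def configuration_records(group_records, role_ids):
    """Attach an explicit, validated role list to each security group record."""
    roles = [{"id": check_uuid(r, "role id")} for r in role_ids]
    return [{"securityGroup": g, "roles": roles} for g in group_records]


def build_post(base_url, path, body, token):
    """Prepare (but do not send) the POST; Bearer header format is an assumption."""
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )
```

Pass the prepared request to `urllib.request.urlopen` to send it; the response format is not described on this page, so the example stops at building the request.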
