Azure AD SSO Certificate renewal

Pa_D 1,071 Reputation points
2021-04-14T22:24:18.767+00:00

1) Is there a way for us to set a default service email for certificate renewal notification, instead of adding manually every time in the UI?

2) Is there a script way to go through the apps in Azure AD and identify if a specific email has been added to Azure AD SSO certificate renewal notification section?

Microsoft Entra ID

Accepted answer
  1. Siva-kumar-selvaraj 15,556 Reputation points
    2021-04-15T18:41:55.29+00:00

    Hello @Pa_D ,

    Thank you for reaching out.

    Please find the inline answers below. Hope this helps.

    1) Is there a way for us to set a default service email for certificate renewal notification, instead of adding manually every time in the UI?

    [Ans]: You could use the Graph API to set "notificationEmailAddresses" for the enterprise application's SAML signing certificate.

    Request:

    PATCH https://graph.microsoft.com/beta/servicePrincipals/<ObjectID>

    Body
    {"notificationEmailAddresses": ["siva@atriumph.onmicrosoft.com"]}

    Request Header
    Content-Type: application/json


    2) Is there a script way to go through the apps in Azure AD and identify if a specific email has been added to Azure AD SSO certificate renewal notification section?

    [Ans]:
    Unfortunately, there is no such script.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


2 additional answers

  1. Siva-kumar-selvaraj 15,556 Reputation points
    2021-04-16T18:39:25.813+00:00

    Please find the inline answers:

    1) Does this email address get added as default address for all new apps that we build?
    This would replace all existing ones with the address mentioned in the Graph API call.

    Example: If I use the following {"notificationEmailAddresses": ["ryan@atriumph.onmicrosoft.com"]} in the body, then it replaces all existing addresses with ryan@atriumph.onmicrosoft.com. If you want to add multiple recipients, then add the email addresses comma-separated as shown below.

    {
        "notificationEmailAddresses": [
            "ryan@atriumph.onmicrosoft.com",
            "joel@atriumph.onmicrosoft.com"
        ]
    }


    2) What is the service principal GUID in the URI?
    3) Where do we find the Object ID?
    From the Enterprise Applications blade you can find your application's Object ID as shown below:
    [screenshot: Object ID on the Enterprise Applications blade]


  2. Kamal Shalaby 41 Reputation points
    2021-08-11T11:18:12.893+00:00

    Hi sikumars-msft,
    Thanks for your explanation.
    I have a question:
    is this only to add for an individual application?
    Is there no way to add in bulk?
    Thanks

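Added example, not code from the question or either answer: a Python script that puts the accepted answer's PATCH, the second answer's replace-the-whole-array behaviour, and the follow-up question about bulk together. It builds the PATCH request, merges a new recipient into an app's existing notificationEmailAddresses instead of overwriting them, walks a paged servicePrincipals listing to find every SAML app that lacks a given address, and plans one update per app. No Graph call is made: the two pages are constructed to look like GET /beta/servicePrincipals responses and fake_fetch stands in for an authenticated GET. Assumptions not on the page: the list endpoint and the preferredSingleSignOnMode field, the sample object IDs and addresses, and that a real run would send these requests with a bearer token carrying Application.Read.All (audit) or Application.ReadWrite.All (update).

```python
"""Audit and bulk-update SAML signing-certificate notification recipients on
Entra ID service principals via Microsoft Graph. Added example; all data is
constructed, and no network call is made."""
import json
from typing import Callable

GRAPH = "https://graph.microsoft.com/beta"  # endpoint used in the accepted answer


def build_patch(object_id: str, recipients: list[str]) -> dict:
    """Describe the PATCH from the accepted answer. Graph REPLACES the whole
    notificationEmailAddresses array, so `recipients` must be the full list."""
    payload = {"notificationEmailAddresses": recipients}
    return {
        "method": "PATCH",
        "url": f"{GRAPH}/servicePrincipals/{object_id}",
        "headers": {"Content-Type": "application/json"},
        "payload": payload,
        "body": json.dumps(payload),
    }


def merge_recipients(existing, to_add) -> list[str]:
    """Existing addresses plus new ones, deduplicated case-insensitively,
    order preserved, so a PATCH never silently drops a current recipient."""
    seen, merged = set(), []
    for addr in list(existing) + list(to_add):
        key = addr.strip().lower()
        if key and key not in seen:
            seen.add(key)
            merged.append(addr.strip())
    return merged


def collect_service_principals(first_page: dict, fetch_next: Callable[[str], dict]) -> list[dict]:
    """Follow @odata.nextLink until the collection is exhausted."""
    items, page = [], first_page
    while True:
        items.extend(page.get("value", []))
        next_link = page.get("@odata.nextLink")
        if not next_link:
            return items
        page = fetch_next(next_link)


def saml_apps_missing_recipient(sps: list[dict], email: str) -> list[tuple[str, str]]:
    """(objectId, displayName) of SAML-SSO apps whose notification list lacks `email`.
    Assumes preferredSingleSignOnMode == "saml" marks the SAML apps."""
    wanted = email.strip().lower()
    missing = []
    for sp in sps:
        if sp.get("preferredSingleSignOnMode") != "saml":
            continue
        current = [a.lower() for a in (sp.get("notificationEmailAddresses") or [])]
        if wanted not in current:
            missing.append((sp["id"], sp.get("displayName", "")))
    return missing


def plan_bulk_update(sps: list[dict], email: str) -> list[dict]:
    """One PATCH per app that is missing `email`, each keeping its existing recipients."""
    missing_ids = {oid for oid, _ in saml_apps_missing_recipient(sps, email)}
    return [
        build_patch(sp["id"], merge_recipients(sp.get("notificationEmailAddresses") or [], [email]))
        for sp in sps
        if sp["id"] in missing_ids
    ]


# Constructed sample: two pages shaped like a Graph servicePrincipals listing.
SAMPLE_PAGES = {
    "page1": {
        "value": [
            {"id": "0000-a", "displayName": "Payroll SAML", "preferredSingleSignOnMode": "saml",
             "notificationEmailAddresses": ["ops@example.com", "alice@example.com"]},
            {"id": "0000-b", "displayName": "HR Portal", "preferredSingleSignOnMode": "saml",
             "notificationEmailAddresses": ["alice@example.com"]},
        ],
        "@odata.nextLink": f"{GRAPH}/servicePrincipals?$skiptoken=page2",
    },
    "page2": {
        "value": [
            {"id": "0000-c", "displayName": "OIDC App", "preferredSingleSignOnMode": "oidc",
             "notificationEmailAddresses": []},
            {"id": "0000-d", "displayName": "Legacy SAML", "preferredSingleSignOnMode": "saml",
             "notificationEmailAddresses": None},
        ],
    },
}


def fake_fetch(url: str) -> dict:
    """Stands in for an authenticated GET; a real run would use a bearer token."""
    return SAMPLE_PAGES[url.rsplit("=", 1)[-1]]


if __name__ == "__main__":
    sps = collect_service_principals(SAMPLE_PAGES["page1"], fake_fetch)
    for oid, name in saml_apps_missing_recipient(sps, "ops@example.com"):
        print(f"missing recipient: {oid} ({name})")
    for req in plan_bulk_update(sps, "ops@example.com"):
        print(req["method"], req["url"], req["body"])
```

Run the audit first and review the planned PATCH bodies before sending any of them: because the array is replaced wholesale, sending build_patch with only the new address would remove whatever recipients the app already had.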