What is the reason that I see multiple keyCredentials for a given servicePrincipal on the GraphAPI but when I go to the associated app page, on the app registrations, and then to certificated and credentials I don't see any keys or certificates?
The app is used for SSO to AWS.
Thanks.
Hi @Ity-3595 · Thank you for reaching out.
Service Principal object (present under Enterprise Applications) and Application object (present under App Registration) for a given app are two different objects with different Object IDs but same App ID.
In your case, you are querying Service Principal of your application via graph api, which is returning the keyCredentials for certificates configured under SSO settings of the enterprise application.
On the portal, you are checking the app under Application Registration, where no certificate is configured.
To better understand, try running below PS cmdlets available in AzureADPreview module:
Get-AzureADServicePrincipal -ObjectId object_id_of_app_from_enterprise_apps | fl key*
Get-AzureADApplication -objectid object_id_of_app_from_app_registration | fl key*
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
3 people are following this question.
