I am curious as to why an application I created using the template data provider doesn’t have the same configuration as one I created via the Azure AD Gallery.
I’m following along with the basic example in the docs; my Terraform…
data "azuread_application_template" "zoom" {
  display_name = "Zoom"
}

resource "azuread_application" "zoom" {
  display_name = "Zoom SSO"
  template_id  = data.azuread_application_template.zoom.template_id
}

resource "azuread_service_principal" "zoom" {
  application_id = azuread_application.zoom.application_id
  use_existing   = true
}
In Azure AD Graph Explorer my Enterprise Application created via Terraform looks like this…
{
  "odata.metadata": "https://graph.windows.net/myco.com/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
  "objectType": "ServicePrincipal",
  "objectId": "afabd82a-4b19-4f0a-a864-17ca9a7e56d5",
  "deletionTimestamp": null,
  "accountEnabled": true,
  "addIns": [],
  "alternativeNames": [],
  "appDisplayName": "Zoom SSO",
  "appId": "202607c8-e19f-481d-9170-c385652e0bcb",
  "applicationTemplateId": "247d18fc-f848-4de0-8330-333d3a5c0e3f",
  "appOwnerTenantId": "aacf2201-5028-4853-acd4-fdf14f9f3d69",
  "appRoleAssignmentRequired": false,
  "appRoles": [],
  "displayName": "Zoom SSO",
  "errorUrl": null,
  "homepage": null,
  "informationalUrls": {
    "termsOfService": null,
    "support": null,
    "privacy": null,
    "marketing": null
  },
  "keyCredentials": [],
  "logoutUrl": null,
  "notificationEmailAddresses": [],
  "oauth2Permissions": [],
  "passwordCredentials": [],
  "preferredSingleSignOnMode": null,
  "preferredTokenSigningKeyEndDateTime": null,
  "preferredTokenSigningKeyThumbprint": null,
  "publisherName": "MyCo",
  "replyUrls": [],
  "samlMetadataUrl": null,
  "samlSingleSignOnSettings": {
    "relayState": null
  },
  "servicePrincipalNames": [
    "202607c8-e19f-481d-9170-c385652e0bcb"
  ],
  "servicePrincipalType": "Application",
  "signInAudience": "AzureADMyOrg",
  "tags": [],
  "tokenEncryptionKeyId": null
}
In Azure AD Gallery I searched for the ‘zoom’ application and created it, using all of the defaults.
Using Azure AD Graph Explorer I see this config, which I assume came from the template.
{
  "odata.metadata": "https://graph.windows.net/myco.com/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
  "objectType": "ServicePrincipal",
  "objectId": "5794215f-16e5-4eb9-ba2e-d6c594d57cea",
  "deletionTimestamp": null,
  "accountEnabled": true,
  "addIns": [],
  "alternativeNames": [],
  "appDisplayName": "Zoom",
  "appId": "38b0a378-009d-47a8-9aa5-aaf5191a9736",
  "applicationTemplateId": "247d18fc-f848-4de0-8330-333d3a5c0e3f",
  "appOwnerTenantId": "aacf2201-5028-4853-acd4-fdf14f9f3d69",
  "appRoleAssignmentRequired": true,
  "appRoles": [
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "msiam_access",
      "displayName": "msiam_access",
      "id": "686836a1-866a-4e58-83e4-75a6e5f50cd8",
      "isEnabled": true,
      "value": null
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "Corp",
      "displayName": "Corp",
      "id": "ee86e454-5f39-4878-8aac-72dd639542de",
      "isEnabled": true,
      "value": null
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "Pro",
      "displayName": "Pro",
      "id": "1cccf8c6-0e95-414e-8fe4-c623d07197fb",
      "isEnabled": true,
      "value": null
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "Basic",
      "displayName": "Basic",
      "id": "759e2d92-6615-40fc-aff2-8fc90dc69c6e",
      "isEnabled": true,
      "value": null
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "On-Prem",
      "displayName": "On-Prem",
      "id": "4144d0ae-82aa-4089-b26d-6e8e09dec705",
      "isEnabled": true,
      "value": null
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "description": "Licensed",
      "displayName": "Licensed",
      "id": "43469f26-4e68-46db-92c9-786e620cf24a",
      "isEnabled": true,
      "value": null
    }
  ],
  "displayName": "Zoom",
  "errorUrl": null,
  "homepage": "https://*.zoom.us/saml/SSO?metadata=zoom|ISV9.1|primary|z",
  "informationalUrls": {
    "termsOfService": null,
    "support": null,
    "privacy": null,
    "marketing": null
  },
  "keyCredentials": [],
  "logoutUrl": null,
  "notificationEmailAddresses": [],
  "oauth2Permissions": [
    {
      "adminConsentDescription": "Allow the application to access Zoom on behalf of the signed-in user.",
      "adminConsentDisplayName": "Access Zoom",
      "id": "58ec4a09-0cba-4190-b411-96fd9ef3af96",
      "isEnabled": true,
      "type": "User",
      "userConsentDescription": "Allow the application to access Zoom on your behalf.",
      "userConsentDisplayName": "Access Zoom",
      "value": "user_impersonation"
    }
  ],
  "passwordCredentials": [],
  "preferredSingleSignOnMode": null,
  "preferredTokenSigningKeyEndDateTime": null,
  "preferredTokenSigningKeyThumbprint": null,
  "publisherName": "MyCo",
  "replyUrls": [],
  "samlMetadataUrl": null,
  "samlSingleSignOnSettings": null,
  "servicePrincipalNames": [
    "38b0a378-009d-47a8-9aa5-aaf5191a9736"
  ],
  "servicePrincipalType": "Application",
  "signInAudience": "AzureADMyOrg",
  "tags": [
    "WindowsAzureActiveDirectoryIntegratedApp"
  ],
  "tokenEncryptionKeyId": null
}
My question is: why the difference? I would have thought that they would be more in sync.
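The two service principal objects above differ in fields that decide who can sign in to the app and what it can do: the Terraform-created one has appRoleAssignmentRequired set to false, no appRoles, no oauth2Permissions, no homepage and no tags, while the Gallery-created one has assignment required, six app roles, a user_impersonation scope and the integrated-app tag. The following script is an added example, not part of the post or of the azuread provider; it reduces both objects to constructed, abbreviated copies of the JSON shown above and reports the security-relevant differences, plus the review findings a defender would raise for a service principal that lacks an assignment gate. The field list and the findings are the editor's choice.

```python
# Constructed, abbreviated copies of the two service principal objects
# from the post; only the fields relevant to the comparison are kept.
TERRAFORM_SP = {
    "displayName": "Zoom SSO",
    "appRoleAssignmentRequired": False,
    "appRoles": [],
    "oauth2Permissions": [],
    "homepage": None,
    "tags": [],
}

GALLERY_SP = {
    "displayName": "Zoom",
    "appRoleAssignmentRequired": True,
    "appRoles": [
        {"displayName": n, "isEnabled": True, "allowedMemberTypes": ["User"]}
        for n in ("msiam_access", "Corp", "Pro", "Basic", "On-Prem", "Licensed")
    ],
    "oauth2Permissions": [{"value": "user_impersonation", "isEnabled": True}],
    "homepage": "https://*.zoom.us/saml/SSO?metadata=zoom|ISV9.1|primary|z",
    "tags": ["WindowsAzureActiveDirectoryIntegratedApp"],
}

# Fields whose value decides who can sign in to the app or what it is
# allowed to do; editor's selection, not an Azure AD-defined list.
SECURITY_FIELDS = (
    "appRoleAssignmentRequired",
    "appRoles",
    "oauth2Permissions",
    "homepage",
    "tags",
)


def summarize(field, value):
    """Collapse list-valued fields to a sorted, comparable summary."""
    if field == "appRoles":
        return sorted(r["displayName"] for r in (value or []))
    if field == "oauth2Permissions":
        return sorted(p["value"] for p in (value or []))
    if isinstance(value, list):
        return sorted(value)
    return value


def diff_service_principals(left, right, fields=SECURITY_FIELDS):
    """Return {field: (left_summary, right_summary)} for fields that differ."""
    out = {}
    for field in fields:
        l_val = summarize(field, left.get(field))
        r_val = summarize(field, right.get(field))
        if l_val != r_val:
            out[field] = (l_val, r_val)
    return out


def sign_in_findings(sp):
    """Review notes for one service principal's sign-in gating."""
    findings = []
    if not sp.get("appRoleAssignmentRequired", False):
        findings.append(
            "appRoleAssignmentRequired is false: any user in the tenant can "
            "sign in; no assignment is enforced"
        )
    if not sp.get("appRoles"):
        findings.append("no appRoles defined: role-based assignment is not possible")
    return findings


if __name__ == "__main__":
    for field, (tf, gallery) in diff_service_principals(TERRAFORM_SP, GALLERY_SP).items():
        print(f"{field}: terraform={tf!r} gallery={gallery!r}")
    for note in sign_in_findings(TERRAFORM_SP):
        print("terraform SP:", note)
```

Pointing the same functions at the full objects exported from Graph Explorer works unchanged, since only the listed fields are read; the useful check after a `terraform apply` is that `diff_service_principals` against the Gallery baseline comes back empty for the fields you care about.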