Assign enterprise application owners
An owner of an enterprise application in Microsoft Entra ID can manage the organization-specific configuration of the application, such as single sign-on, provisioning, and user assignments. An owner can also add or remove other owners. Unlike other application administrators, owners can manage only the enterprise applications they own. In this article, you learn how to assign an owner of an application.
Prerequisites
To add an enterprise application to your Microsoft Entra tenant, you need:
- A Microsoft Entra user account. If you don't already have one, you can create an account.
- One of the following roles: Cloud Application Administrator or Application Administrator.
Tip
Steps in this article might vary slightly based on the portal you start from.
Assign an owner
To assign an owner to an enterprise application:
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Identity > Applications > Enterprise applications > All applications.
- Select the application that you want to add an owner to.
- Select Owners, and then select Add to get a list of user accounts that you can choose an owner from.
- Search for and select the user account that you want to be an owner of the application.
- Select Select to add the user account that you chose as an owner of the application.
To add an owner to an enterprise application using Microsoft Graph PowerShell, you need to sign in as at least a Cloud Application Administrator and consent to the Application.ReadWrite.All permission.
In the following example, the user's object ID is aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb and the applicationId is 00001111-aaaa-2222-bbbb-3333cccc4444.
# Sign in with the delegated scope needed to change application ownership
Connect-MgGraph -Environment China -ClientId 'YOUR_CLIENT_ID' -TenantId 'YOUR_TENANT_ID' -Scopes 'Application.ReadWrite.All'
Import-Module Microsoft.Graph.Applications
# Reference to the directory object (the user) that becomes an owner
$params = @{
    "@odata.id" = "https://microsoftgraph.chinacloudapi.cn/v1.0/directoryObjects/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"
}
# Add the user as an owner of the enterprise application
New-MgServicePrincipalOwnerByRef -ServicePrincipalId '00001111-aaaa-2222-bbbb-3333cccc4444' -BodyParameter $params
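The following added example (not part of the original article and not Microsoft's sample code) wraps the assignment above so that it can be re-run safely and reads the owner list back for review, since owners can change single sign-on, provisioning, and other owners. The function name Add-EnterpriseAppOwner and its parameters are hypothetical; it assumes a delegated Connect-MgGraph session as shown above and reuses the endpoint and placeholder IDs from the example.

```powershell
# Added example: idempotent owner assignment with read-back verification.
# Assumes a delegated session created with Connect-MgGraph as shown above.
Import-Module Microsoft.Graph.Applications

function Add-EnterpriseAppOwner {   # hypothetical helper name
    param(
        # -ServicePrincipalId takes the object ID of the service principal
        [Parameter(Mandatory)][string]$ServicePrincipalId,
        [Parameter(Mandatory)][string]$OwnerObjectId,
        # Graph endpoint copied from the page's example
        [string]$GraphBase = 'https://microsoftgraph.chinacloudapi.cn/v1.0'
    )

    # Fail early if the session was not granted the required scope
    $ctx = Get-MgContext
    if (-not $ctx -or $ctx.Scopes -notcontains 'Application.ReadWrite.All') {
        throw 'Run Connect-MgGraph with the Application.ReadWrite.All scope first.'
    }

    # Confirm the ID resolves to a service principal before changing anything
    $sp = Get-MgServicePrincipal -ServicePrincipalId $ServicePrincipalId -ErrorAction Stop

    # Add the owner only if it is not already present
    $owners = @(Get-MgServicePrincipalOwner -ServicePrincipalId $sp.Id -All)
    if ($owners.Id -notcontains $OwnerObjectId) {
        $params = @{ '@odata.id' = "$GraphBase/directoryObjects/$OwnerObjectId" }
        New-MgServicePrincipalOwnerByRef -ServicePrincipalId $sp.Id -BodyParameter $params -ErrorAction Stop
        $owners = @(Get-MgServicePrincipalOwner -ServicePrincipalId $sp.Id -All)
    }

    # Return every current owner so unexpected entries are visible
    $owners | ForEach-Object {
        [pscustomobject]@{
            Application = $sp.DisplayName
            OwnerId     = $_.Id
            OwnerType   = $_.AdditionalProperties['@odata.type']
            OwnerUpn    = $_.AdditionalProperties['userPrincipalName']
        }
    }
}

# Placeholder IDs from the example above
Add-EnterpriseAppOwner -ServicePrincipalId '00001111-aaaa-2222-bbbb-3333cccc4444' `
    -OwnerObjectId 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'
```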
Note
If the user setting Restrict access to Microsoft Entra administration portal is set to Yes, non-admin users aren't able to use the Microsoft Entra admin center to manage the applications they own. For more information about the actions that can be performed on owned enterprise applications, see Owned enterprise applications.