Grant service principal access to application in other tenant

滥情空心 2021-01-14 00:29

I have an Azure AD service principal in one tenant (OneTenant) that I would like to give access to an application in another tenant (OtherTenant).

3 answers
  •  心在旅途
    2021-01-14 00:36

    Ok, I finally got around to testing if the solution presented by Rohit Saigal works. It does point in the right direction but is not complete.

    First step is to create a service principal in OneTenant that represents the application in OtherTenant. So while signed in to OneTenant, run the following script:

    $spInOneTenant = New-AzureADServicePrincipal -AppId <AppId of the application in OtherTenant>

    Next step is to run the New-AzureADServiceAppRoleAssignment cmdlet with the following parameters:

    New-AzureADServiceAppRoleAssignment `
        -Id <app role Id> `
        -ObjectId <ObjectId> `
        -PrincipalId <PrincipalId> `
        -ResourceId $spInOneTenant.ObjectId

    The trick is to use the object id of the service principal you created in the previous step as the ResourceId.
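
The two steps from the answer above, as an added example that is not part of the original post: it makes the grant idempotent, checks that the role can be assigned to an application, and reads the assignment back for review. The parameter names, the lookup of the role by its `Value`, and passing the client service principal's object id as both `-ObjectId` and `-PrincipalId` are assumptions of this example.

```powershell
#Requires -Modules AzureAD
# Added example, not code from the answer. Every parameter value is supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $OneTenantId,       # tenant that holds the client service principal
    [Parameter(Mandatory)] [string] $OtherTenantAppId,  # AppId of the application in OtherTenant
    [Parameter(Mandatory)] [string] $ClientSpObjectId,  # ObjectId of the service principal to grant (assumption)
    [Parameter(Mandatory)] [string] $AppRoleValue       # Value of the app role to grant
)

Connect-AzureAD -TenantId $OneTenantId | Out-Null

# Step 1: reuse the service principal for the OtherTenant application if it exists, else create it.
$resourceSp = Get-AzureADServicePrincipal -Filter "appId eq '$OtherTenantAppId'"
if (-not $resourceSp) { $resourceSp = New-AzureADServicePrincipal -AppId $OtherTenantAppId }

# Resolve the role by name; refuse roles that are disabled or not assignable to applications.
$role = $resourceSp.AppRoles | Where-Object { $_.Value -eq $AppRoleValue }
if (-not $role) { throw "App role '$AppRoleValue' is not defined on AppId $OtherTenantAppId" }
if (-not $role.IsEnabled -or $role.AllowedMemberTypes -notcontains 'Application') {
    throw "App role '$AppRoleValue' is disabled or cannot be assigned to a service principal"
}

function Get-Grant {
    # The module's two Get cmdlets differ in direction (granted to / granted on), so query
    # both for the client and keep only the exact principal/resource/role triple.
    @(Get-AzureADServiceAppRoleAssignedTo -ObjectId $ClientSpObjectId -All $true) +
    @(Get-AzureADServiceAppRoleAssignment -ObjectId $ClientSpObjectId -All $true) |
        Where-Object {
            $_.PrincipalId -eq $ClientSpObjectId -and
            $_.ResourceId  -eq $resourceSp.ObjectId -and
            $_.Id          -eq $role.Id
        } | Select-Object -First 1
}

# Step 2: assign only when the grant is missing, with ResourceId set as the answer describes.
if (-not (Get-Grant)) {
    New-AzureADServiceAppRoleAssignment -Id $role.Id -ObjectId $ClientSpObjectId `
        -PrincipalId $ClientSpObjectId -ResourceId $resourceSp.ObjectId | Out-Null
}

# Read the assignment back so the cross-tenant grant can be reviewed and recorded.
$grant = Get-Grant
if (-not $grant) { throw "Assignment not found after creation; check the ids and your directory role" }
$grant | Select-Object PrincipalDisplayName, ResourceDisplayName, PrincipalId, ResourceId, Id, CreationTimestamp
```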
