问题
I have created an AZURE CSP subscription for a customer.
When I log in to the particular customer directory as a partner admin user (Customers -> Click the dropdown for a customer -> Microsoft Azure Management Portal link), I am able to see the subscription.
But when I try to login as the admin of the customer domain/directory, I am not able to see it.
When I searched about it, I came across the link
https://docs.microsoft.com/en-us/partner-center/assign-azure-subscriptions
Is there any way to do the step Assign Azure subscriptions to your customers through API.
回答1:
You could use Azure Rest API Role Assignments - Create or Role Assignments - Create By Id.
You can see that there is a Try It feature in the page but we cannot make it work with an CSP admin, because if we sign in with an CSP admin, the access token will be issued for the CSP admin's tenant rather than customer's tenant by default.
To call Azure rest API, you need an access token for Azure. Please refer to this document.
Here is my sample for your reference:
Get the access token for Azure service in Postman. Sign in with your CSP admin to generate the access token. Remember that you should put the customer's tenant id in Auth URL: https://login.microsoftonline.com/{custopmer's tenant id}/oauth2/v2.0/authorize and Access Token URL: https://login.microsoftonline.com/{custopmer's tenant id}/oauth2/v2.0/token
Use this access token to assign Azure subscription using Role Assignments - Create.
来源:https://stackoverflow.com/questions/65826554/assign-azure-csp-subscriptions-to-your-customers-programmatically