I have several applications added in Azure AD. These applications are all configured with SAML Single Sign-On (SSO) (screenshot here).
In the SAML SSO configuration page, there is a setting for Notification Email, which is the email address that will be notified when the SAML signing certificate is close to expiration (screenshot here).
I want to be able to programmatically change the notification email on an Azure AD app through PowerShell. I have been exploring with the cmdlet Get-AzureADApplication, but I don't seem to find the "notification email" property, and am therefore not sure how to set it.
Here is the output of Get-AzureADApplication on a Test App. No "notification email" property:
DeletionTimestamp :
ObjectId : 24dcf6a8-2746-4ba9-af54-062ac39d5a4d
ObjectType : Application
AddIns : {}
AllowGuestsSignIn :
AllowPassthroughUsers :
AppId : c95bca7f-5c32-4a17-9d3f-89234124fad7
AppLogoUrl :
AppRoles : {class AppRole {
  AllowedMemberTypes: System.Collections.Generic.List`1[System.String]
  Description: User
  DisplayName: User
  Id: 18d14569-c3bd-439b-9a66-3a2aee01d14f
  IsEnabled: True
  Value:
}
, class AppRole {
  AllowedMemberTypes: System.Collections.Generic.List`1[System.String]
  Description: msiam_access
  DisplayName: msiam_access
  Id: b9632174-c057-4f7e-951b-be3adc52bfe6
  IsEnabled: True
  Value:
}
}
AvailableToOtherTenants : False
DisplayName : TestApp
ErrorUrl :
GroupMembershipClaims :
Homepage : https://account.activedirectory.windowsazure.com:444/applications/default.aspx?metadata=customappsso|ISV9.1|primary|z
IdentifierUris : {test.com}
InformationalUrls : class InformationalUrl {
  TermsOfService:
  Marketing:
  Privacy:
  Support:
}
IsDeviceOnlyAuthSupported :
IsDisabled :
KeyCredentials : {}
KnownClientApplications : {}
LogoutUrl :
Oauth2AllowImplicitFlow : False
Oauth2AllowUrlPathMatching : False
Oauth2Permissions : {class OAuth2Permission {
  AdminConsentDescription: Allow the application to access TestApp on behalf of the signed-in user.
  AdminConsentDisplayName: Access TestApp
  Id: 4a22a7ad-f133-46e7-b5fb-915914da8894
  IsEnabled: True
  Type: User
  UserConsentDescription: Allow the application to access TestApp on your behalf.
  UserConsentDisplayName: Access TestApp
  Value: user_impersonation
}
}
Oauth2RequirePostResponse : False
OrgRestrictions : {}
OptionalClaims :
ParentalControlSettings : class ParentalControlSettings {
  CountriesBlockedForMinors: System.Collections.Generic.List`1[System.String]
  LegalAgeGroupRule: Allow
}
PasswordCredentials : {}
PreAuthorizedApplications :
PublicClient : False
PublisherDomain : <redacted>
RecordConsentConditions :
ReplyUrls : {https://testc.om}
RequiredResourceAccess : {}
SamlMetadataUrl :
SignInAudience : AzureADMyOrg
WwwHomepage :
Any help or ideas?
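Added example, not part of the original post: the SAML certificate notification address is stored on the service principal (the enterprise application) as `notificationEmailAddresses` in Microsoft Graph, not on the application object that Get-AzureADApplication returns. The sketch below uses the Microsoft Graph PowerShell SDK instead of the AzureAD module to read the current value, change it, and read it back. The function name `Set-SamlCertNotificationEmail` and the mailbox address are constructed for illustration; the AppId is the TestApp value from the output above.

```powershell
#Requires -Modules Microsoft.Graph.Applications

# Hypothetical helper (added example): sets the SAML signing-certificate
# expiry notification recipients on one enterprise application.
function Set-SamlCertNotificationEmail {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # [guid] typing rejects anything that could alter the OData filter below.
        [Parameter(Mandatory)][guid] $AppId,
        # The [mailaddress] cast throws on a malformed address.
        [Parameter(Mandatory)][ValidateScript({ [mailaddress]$_ })][string[]] $NotificationEmail
    )

    # Look up the service principal that backs the application registration.
    $sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'" `
            -Property Id, DisplayName, PreferredSingleSignOnMode, NotificationEmailAddresses
    if (-not $sp) { throw "No service principal found for AppId $AppId" }

    # The notification only applies to SAML SSO apps; refuse to touch others.
    if ($sp.PreferredSingleSignOnMode -ne 'saml') {
        Write-Warning "$($sp.DisplayName) is not configured for SAML SSO; nothing changed."
        return
    }

    $current = @($sp.NotificationEmailAddresses | Sort-Object -Unique)
    $wanted  = @($NotificationEmail | Sort-Object -Unique)
    Write-Verbose "Current recipients: $($current -join ', ')"

    # Skip the write when the list already matches, so reruns are idempotent.
    if (($current -join ';') -ne ($wanted -join ';')) {
        if ($PSCmdlet.ShouldProcess($sp.DisplayName, "Set notification email to $($wanted -join ', ')")) {
            Update-MgServicePrincipal -ServicePrincipalId $sp.Id -NotificationEmailAddresses $wanted
        }
    }

    # Read back from the directory so the caller sees what is actually stored.
    (Get-MgServicePrincipal -ServicePrincipalId $sp.Id `
        -Property NotificationEmailAddresses).NotificationEmailAddresses
}

# Application.ReadWrite.All is needed to update a service principal.
Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Dry run first; drop -WhatIf to apply. The mailbox is a constructed placeholder.
Set-SamlCertNotificationEmail -AppId 'c95bca7f-5c32-4a17-9d3f-89234124fad7' `
    -NotificationEmail 'idp-cert-alerts@example.com' -WhatIf -Verbose
```

Pointing the address at a monitored shared mailbox rather than one person's account keeps the expiry warning from being lost when that person leaves.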