You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.


Add App Roles to Azure Applications


If your organization integrates applications with Azure AD, you can manage those applications in EmpowerID. This includes onboarding applications, assigning users to application roles, adding app roles to applications, editing applications, and deleting applications. In this article, we demonstrate how to add an app role to an Azure application managed by EmpowerID.

Add an app role to an Azure application

  1. Navigate to the Resource Admin application portal for your environment.

  2. Select Applications from the dropdown menu and search for the application to which you want to add an app role.

  3. Click the Friendly Name link for the application.

     

  4. Select Azure Application Roles on the application menu, expand Actions and then click Create Azure Application Role.

     
    This initiates the Create Azure App Role workflow with the selected application as the target and directs you to the App Role Details form.

  5. Fill in the form fields with the appropriate information for your app role.

    | Field | Description | Example |
    | --- | --- | --- |
    | Name | Name of the app role | Report Writer |
    | Allowed Member Types | Specifies whether the app role can be assigned. Options include: Default; Users/Groups; Applications; Both (Users/Groups) + Applications | Users/Groups |
    | Value | Specifies the value of the roles claim that the application should expect in the token | Report.Create |
    | Description | Description of the app role | Writers can create reports |
    | Application Role Requestable in IAM Shop | Specifies whether users can request the role in the IAM Shop | |
    | Select A Location | Select a location in EmpowerID for the application role. This location is for RBAC delegation only. If there is a location selected by default and you wish to change it, click the link for the location and then search for and select the desired location from the Location tree. | EmpowerID Applications |

  6. Click Next.

  7. Review the summary information and then click Submit.

Verify the application role in Azure

  1. In Azure, navigate to Azure AD > App registrations.

  2. Select All applications and search for the target application.

  3. Click the Display Name link for the application.

  4. Under Manage, click App Roles.

    You should see the app role you created for the application.
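A scripted counterpart to the portal check above, added here as an example and not part of the EmpowerID documentation: it validates the appRoles array of the application object, as Microsoft Graph returns it, against the values entered in the App Role Details form. The sample JSON, its GUIDs, the second role, and the function name `check_app_role` are constructed for illustration; the Default option is not mapped because the page does not define it.

```python
import json
import re

# Constructed sample: the appRoles array of an application object as Microsoft
# Graph returns it. The ids are made-up GUIDs; the first role mirrors the form example.
SAMPLE_APP_ROLES = json.loads("""
[
  {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Report Writer",
   "description": "Writers can create reports", "value": "Report.Create",
   "allowedMemberTypes": ["User"], "isEnabled": true},
  {"id": "00000000-0000-0000-0000-000000000002", "displayName": "Report Reader",
   "description": "Readers can view reports", "value": "Report Read",
   "allowedMemberTypes": ["User", "Application"], "isEnabled": false}
]
""")

# Form option -> Graph allowedMemberTypes (users and groups are both "User" in Graph).
MEMBER_TYPES = {
    "Users/Groups": {"User"},
    "Applications": {"Application"},
    "Both (Users/Groups) + Applications": {"User", "Application"},
}
# Graph rejects spaces in a role value, a leading '.', and more than 120 characters.
VALUE_RE = re.compile(r"^(?!\.)[0-9A-Za-z!#$%&'()*+,\-./:;<=>?@\[\]^_`{|}~]{1,120}$")


def check_app_role(app_roles, name, value, member_option):
    """Return a list of problems found for the role created in the form."""
    matches = [r for r in app_roles if r.get("value") == value]
    if not matches:
        return [f"no app role with value {value!r}"]
    if len(matches) > 1:
        return [f"value {value!r} is defined {len(matches)} times"]
    role, problems = matches[0], []
    if not VALUE_RE.match(value):
        problems.append(f"value {value!r} contains characters Graph does not allow")
    if role.get("displayName") != name:
        problems.append(f"display name is {role.get('displayName')!r}, expected {name!r}")
    if set(role.get("allowedMemberTypes", [])) != MEMBER_TYPES[member_option]:
        problems.append(f"allowedMemberTypes is {role.get('allowedMemberTypes')}")
    if not role.get("isEnabled"):
        problems.append("role is disabled (isEnabled is false)")
    return problems


if __name__ == "__main__":
    print(check_app_role(SAMPLE_APP_ROLES, "Report Writer", "Report.Create", "Users/Groups"))
```

An empty list means the role in Azure matches what was submitted in the workflow; each string in a non-empty list names one mismatch to investigate.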

Inventoried App Roles are stored as records in the AzGlobalRight table of the EmpowerID Identity Warehouse. You can view these in the Web on the Find Universal PBAC page. To do so, expand Role Management and click Universal PBAC. Once on the page, select the Global Right tab and search for the App Role. You should see the role in the grid, as shown in the image below.
