
Add Scopes to Azure Applications

If your organization integrates applications with Azure AD, you can manage those applications in EmpowerID. This includes onboarding applications, assigning users to application roles, adding app roles and scopes to applications, editing and deleting applications, and more. In this article, we demonstrate how to add scopes to an Azure application that is managed by EmpowerID.

Add scopes to an Azure application

  1. Navigate to the Resource Admin application portal for your environment.

  2. Select Applications from the dropdown menu and search for the application to which you want to add a scope.

  3. Click the Friendly Name link for the application.

     

  4. Select Scopes on the application menu, expand Actions and then click Create Azure Application Scope.

     
    This initiates the Create Azure App Scope workflow with the selected application as the target and directs you to the Azure Scope Details form.

  5. Fill in the form fields with the appropriate information for your scope.

    | Field | Description | Example |
    |---|---|---|
    | Scope Name | Name of the scope | read.Calendar |
    | Who Can Consent | Specifies the types of users who can consent to the scope. Options include: Admins and Users (select if users can consent to the scope); Admins Only (select if higher privileges are required for consent) | Admins and Users |
    | Admin Consent Name | Name of the consent that appears to admins | Read Email Calendar |
    | Admin Consent Description | Description of the consent that appears to admins | Application can read your Email Calendar |
    | User Consent Display Name | Name of the consent that appears to users | Read Email Calendar |
    | User Consent Description | Description of the consent that appears to users | Application can read your Email Calendar |
    | Select A Location | Select a location in EmpowerID for the application role. This location is for RBAC delegation only. If there is a location selected by default and you wish to change it, click the link for the location and then search for and select the desired location from the Location tree. | EmpowerID Applications |

  6. Click Next.

  7. Review the summary information and then click Submit.

Verify the scope in Azure

  1. In Azure, navigate to Azure AD > App registrations.

  2. Select All applications and search for the target application.

  3. Click the Display Name link for the application.

  4. Under Manage, click Expose an API.

    You should see the scope you created for the application.
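
The same check can be scripted against the application object that Microsoft Graph returns, which also confirms that the consent setting matches what was entered in the form. This Python is an added example, not part of the original article or EmpowerID's own code; it assumes the workflow writes the form fields to the `api.oauth2PermissionScopes` properties of the app registration, runs on a constructed sample object, and `check_scope` is a hypothetical helper name.

```python
import json

# Constructed sample: the "api" section of an application object in the shape
# Microsoft Graph returns it. Values come from the Example column of the form
# above plus a placeholder id; this is not output from a real tenant.
SAMPLE_APP = json.loads("""
{
  "displayName": "Example App (constructed)",
  "api": {"oauth2PermissionScopes": [{
    "id": "00000000-0000-0000-0000-000000000001",
    "value": "read.Calendar",
    "type": "User",
    "isEnabled": true,
    "adminConsentDisplayName": "Read Email Calendar",
    "adminConsentDescription": "Application can read your Email Calendar",
    "userConsentDisplayName": "Read Email Calendar",
    "userConsentDescription": "Application can read your Email Calendar"
  }]}
}
""")

# "Who Can Consent" wording and the corresponding Graph "type" value.
CONSENT_TYPE = {"Admins and Users": "User", "Admins Only": "Admin"}

def check_scope(app, scope_name, who_can_consent):
    """Return a list of findings; an empty list means the scope matches the form."""
    scopes = (app.get("api") or {}).get("oauth2PermissionScopes") or []
    match = [s for s in scopes if s.get("value") == scope_name]
    if not match:
        return [f"scope {scope_name!r} not found on application"]
    scope, findings = match[0], []
    expected = CONSENT_TYPE[who_can_consent]
    if scope.get("type") != expected:
        findings.append(f"type is {scope.get('type')!r}, expected {expected!r}")
    if not scope.get("isEnabled"):
        findings.append("scope is disabled")
    required = ["adminConsentDisplayName", "adminConsentDescription"]
    if expected == "User":
        # User-consentable scopes also need text for the user consent prompt.
        required += ["userConsentDisplayName", "userConsentDescription"]
    findings += [f"{f} is empty" for f in required if not scope.get(f)]
    return findings

if __name__ == "__main__":
    result = check_scope(SAMPLE_APP, "read.Calendar", "Admins and Users")
    print(result or "scope matches the form")
```

A `type` of `User` where `Admin` was intended is the finding to act on first, because it lets any user grant the scope without an administrator's review.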
