Add Scopes to Azure Applications

If your organization integrates applications with Azure AD, you can manage those applications in EmpowerID. This includes onboarding applications, assigning users to application roles, adding app roles and scopes to applications, editing and deleting applications, and more. In this article, we demonstrate how to add scopes to an Azure application that is managed by EmpowerID.

Add scopes to an Azure application

  1. Navigate to the Resource Admin application portal for your environment.

  2. Select Applications from the dropdown menu and search for the application to which you want to add a scope.

  3. Click the Friendly Name link for the application.

  4. Select Scopes on the application menu, expand Actions and then click Create Azure Application Scope.

     This initiates the Create Azure App Scope workflow with the selected application as the target and directs you to the Azure Scope Details form.

  5. Fill in the form fields with the appropriate information for your scope.

  6. Click Next.

  7. Review the summary information and then click Submit.

Verify the scope in Azure

  1. In Azure, navigate to Azure AD > App registrations.

  2. Select All applications and search for the target application.

  3. Click the Display Name link for the application.

  4. Under Manage, click Expose an API.

    You should see the scope you created for the application.
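
The same verification can be scripted instead of checked by eye in the portal. The following Python is an added example, not EmpowerID or Microsoft code: it assumes you have already retrieved the application object as JSON from Microsoft Graph, where the scopes shown under Expose an API appear in api.oauth2PermissionScopes, and it runs on a constructed sample whose ids, URI and scope names are placeholders.

```python
# Constructed sample: trimmed shape of a Microsoft Graph application object.
# All ids, URIs and scope names are placeholders, not values from the page.
SAMPLE_APP = {
    "identifierUris": ["api://00000000-0000-0000-0000-000000000001"],
    "api": {"oauth2PermissionScopes": [
        {"id": "11111111-1111-1111-1111-111111111111", "value": "Files.Read",
         "type": "User", "isEnabled": True,
         "adminConsentDisplayName": "Read files",
         "adminConsentDescription": "Allows the app to read files."},
        {"id": "22222222-2222-2222-2222-222222222222", "value": "Files.Write",
         "type": "Admin", "isEnabled": False,
         "adminConsentDisplayName": "", "adminConsentDescription": ""},
    ]},
}


def check_scope(app, scope_value):
    """Return (found, findings) for one scope value on an application object."""
    scopes = (app.get("api") or {}).get("oauth2PermissionScopes") or []
    matches = [s for s in scopes if s.get("value") == scope_value]
    if not matches:
        return False, [f"scope '{scope_value}' is not exposed by the application"]
    findings = []
    if len(matches) > 1:
        findings.append("scope value is defined more than once")
    scope = matches[0]
    if not scope.get("isEnabled", False):
        findings.append("scope is disabled")
    if scope.get("type") == "User":
        findings.append("type is User: end users may consent, subject to tenant consent settings")
    for field in ("adminConsentDisplayName", "adminConsentDescription"):
        if not scope.get(field):
            findings.append(f"{field} is empty")
    return True, findings


def full_scope_names(app):
    """Build the '<Application ID URI>/<value>' strings for enabled scopes."""
    uris = app.get("identifierUris") or []
    scopes = (app.get("api") or {}).get("oauth2PermissionScopes") or []
    return [f"{uris[0]}/{s['value']}" for s in scopes if uris and s.get("isEnabled")]


if __name__ == "__main__":
    for value in ("Files.Read", "Files.Write", "Files.Delete"):
        print(value, check_scope(SAMPLE_APP, value))
    print(full_scope_names(SAMPLE_APP))
```

An empty findings list means the scope is present, enabled, restricted to admin consent and has its admin consent text filled in.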

Inventoried App Scopes are stored as records in the AzGlobalRight table of the EmpowerID Identity Warehouse. You can view these records on the Find Universal PBAC page of the web interface. To do so, expand Role Management and click Universal PBAC. Once on the page, select the Global Right tab and search for the App Scope. You should see the scope in the grid.
