Add Application Scopes
As an owner of an Azure application, you can add scopes to the application within Resource Admin. Scopes define the permissions and access levels that the application exposes to its users and services. The following instructions guide you through adding a scope so that you can control more precisely how the application interacts with Azure services and resources.
Procedure
Navigate to the Resource Admin application portal for your environment.
Select Applications from the Resource menu and search for the application to which you want to add the scope.
Click the Details button on the application record.
Select Scopes from the application menu and then click Add Scope.
This initiates the Create Azure App Scope workflow with the selected application as the target and directs you to the Azure Scope Details form.
Fill in the form fields with the appropriate information for your scope.
Click Next.
Review the summary information and then click Submit.
You should see a message stating that the scope was created for the application.
Results
The scope is added to the application. You can verify the changes in Azure by doing the following:
In Azure, navigate to Microsoft Entra ID > App registrations.
Select All applications and search for the target application.
Click the Display Name link for the application.
Under Manage, click Expose an API.
You should see the scope you created for the application.
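The same verification can be scripted. The following is an added example, not part of the original EmpowerID documentation: it inspects an application object in the shape returned by Microsoft Graph, where the scopes listed under Expose an API appear in api.oauth2PermissionScopes. The application name, scope names, and GUIDs are constructed placeholders, and the review findings are illustrative assumptions rather than product rules.

```python
import json

# Constructed sample: a trimmed Microsoft Graph application object (placeholder values).
SAMPLE_APP = json.loads("""
{
  "displayName": "Example App",
  "identifierUris": ["api://00000000-0000-0000-0000-000000000000"],
  "api": {"oauth2PermissionScopes": [
    {"id": "11111111-1111-1111-1111-111111111111", "value": "Orders.Read",
     "type": "User", "isEnabled": true,
     "adminConsentDisplayName": "Read orders",
     "adminConsentDescription": "Allows the app to read orders."},
    {"id": "22222222-2222-2222-2222-222222222222", "value": "Orders.Write",
     "type": "Admin", "isEnabled": false,
     "adminConsentDisplayName": "Write orders",
     "adminConsentDescription": ""}
  ]}
}
""")

def find_scope(app, value):
    """Return the exposed scope whose 'value' matches, or None if absent."""
    scopes = (app.get("api") or {}).get("oauth2PermissionScopes") or []
    return next((s for s in scopes if s.get("value") == value), None)

def audit_scope(app, value):
    """Return review findings for the named scope; an empty list means none."""
    scope = find_scope(app, value)
    if scope is None:
        return [f"scope '{value}' is not exposed by {app.get('displayName')}"]
    findings = []
    if not scope.get("isEnabled"):
        findings.append("scope is disabled and cannot be granted")
    if scope.get("type") == "User":
        # Scopes of type User allow end-user consent, subject to tenant consent settings.
        findings.append("type is User: end users may consent to this scope")
    if not scope.get("adminConsentDescription"):
        findings.append("admin consent description is empty")
    return findings

def full_scope_names(app, value):
    """Scope strings a client requests: <Application ID URI>/<scope value>."""
    return [f"{uri.rstrip('/')}/{value}" for uri in app.get("identifierUris", [])]

if __name__ == "__main__":
    for name in ("Orders.Read", "Orders.Write", "Orders.Delete"):
        print(name, audit_scope(SAMPLE_APP, name) or "ok")
```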
Inventoried App Scopes are stored as records in the AzGlobalRight table of the EmpowerID Identity Warehouse. You can view these in the Web on the Find Universal PBAC page. To do so, expand Role Management and click Universal PBAC. Once on the page, select the Global Right tab and search for the App Scope. You should see the scope in the grid.