Add guest user to group during signup flow with azure ad b2b

Manuel Mourato 1 Reputation point
2021-10-01T13:14:44.527+00:00

I have created a signup/signin flow in Azure AD External Identities, using a Google Identity Provider, and added my application to this user flow.
The flow itself works as expected, as during signup the user is created; however, after inserting the password, I get the following error:

The signed in user is not assigned to a role for the application

This error makes sense, as during signup the guest user is not added to any group nor given any roles, which it needs to access the application.

My question is, is there a way to give the necessary roles/add the user to a default group during the signup/signin flow process?

Thank you


1 answer

  1. Marilee Turscak-MSFT 34,051 Reputation points Microsoft Employee
    2021-10-01T22:04:50.383+00:00

    Dynamic Group Membership would be a good solution for you. If the users meet the criteria that you define, they will be automatically assigned to a group. (Note that a Premium P1 license is needed to use this feature.)

    https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-create-rule

    You can also create a PowerShell script to automatically assign new users to an enterprise application. While there isn't an official Microsoft sample that does this, there is a recent blog post here that contains a script that does just this.

    Here is the code sample: Add User To Azure AD Application Powershell

    You could also set "User assignment required" to "No", but that may not suit your scenario.

    Let me know if this helps!

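As an added illustration of the scripted approach the answer mentions (not the blog post's script, nor Microsoft's own sample), the following Microsoft Graph PowerShell snippet assigns every guest user not yet assigned to the enterprise application to its default app role. It assumes the Microsoft.Graph module is installed, that the application display name is replaced with your own, and that an account with permission to manage app role assignments runs it; the choice of "first enabled app role" is an assumption you should replace with the role you actually want guests to hold.

```powershell
# Added example (not from the thread): assign guest users to an enterprise app's role.
# Assumes the Microsoft.Graph PowerShell module; app name below is a placeholder.
Connect-MgGraph -Scopes "User.Read.All","Application.Read.All","AppRoleAssignment.ReadWrite.All"

$appDisplayName = "<your enterprise application name>"   # placeholder, replace
$sp = Get-MgServicePrincipal -Filter "displayName eq '$appDisplayName'"
if (-not $sp) { throw "Service principal '$appDisplayName' not found" }

# If the app registration defines no app roles, assignments use the default access
# role, whose id is the all-zero GUID. Otherwise pick a role deliberately (assumption:
# first enabled role); granting a privileged role to every guest defeats the point of
# "User assignment required".
$defaultRoleId = "00000000-0000-0000-0000-000000000000"
$enabledRoles = @($sp.AppRoles | Where-Object { $_.IsEnabled })
$roleId = if ($enabledRoles.Count -gt 0) { $enabledRoles[0].Id } else { $defaultRoleId }

# Principals already assigned to the app, so re-running the script is idempotent
# and does not create duplicate assignments.
$assigned = @{}
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    ForEach-Object { $assigned[$_.PrincipalId] = $true }

# Guest users created by the self-service sign-up flow. Narrow this filter further
# (for example by the identity provider or a group) rather than assigning all guests,
# which is otherwise equivalent to turning "User assignment required" off for guests.
$guests = Get-MgUser -Filter "userType eq 'Guest'" -All -Property Id,UserPrincipalName

foreach ($u in $guests) {
    if ($assigned.ContainsKey($u.Id)) { continue }
    New-MgUserAppRoleAssignment -UserId $u.Id -PrincipalId $u.Id `
        -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
    Write-Output "Assigned $($u.UserPrincipalName) to '$appDisplayName'"
}
```

Run it on a schedule (or from an automation account) after sign-ups; the assignment shows up in the application's "Users and groups" blade and in the audit log as an app role assignment, which is the record to review when checking who was granted access.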