This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 3%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Why are some of the roles disabled on the Enterprise Applications Add Assignment wizard?
All the roles were previously enabled.
I am currently using these "disabled" roles on login for users who were already assigned the roles but I can't assign the disabled roles to new users.
This is for SSO to AWS.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 2%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@rschiefer , Thank you for reaching out. Can you check the app manifest for the AWS application under the Application Registration portal and check for the role name under the appRoles array. Look for the appRoles and check if the isEnabled key for each of those are set to true or false. If they are showing as disabled mostly they might have got disabled from app manifest somehow.
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.
I only have one entry in appRoles:
{
"allowedMemberTypes": [
"User"
],
"description": "msiam_access",
"displayName": "msiam_access",
"id": "[redacted]",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": null
}
I've always had three different roles for users to choose from when they login. Only one out of the three is now enabled. Do I need to change my appRoles?
@rschiefer , Thank you for sharing the update. The app roles that you mentioned are greyed out in the portal, they must be present in the app-manifest and also its isEnabled key should be set to true.
In your case, it would be great if we can have a dig in a little further so that we can check on the details. It would be great if you can share the following details to azcommunity[at]microsoft[dot]com:
Note: Make sure you share the URL of this post, so that once we have the email its easier for us to identify and help you further.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 0%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
@soumi-MSFT I am having the same issue.
