Create and Assign Custom Security Attributes

cosy M 6 Reputation points
2024-06-21T03:45:43.24+00:00

How do I design access for a few applications based on the following fields?

Can I create Custom Security Attributes or group-based permissions?

Application ------> App1, App2

Role ------> Contractor , engineer, PM, SalesRep

RoleID --->Con , ENG, SRP

Group --> Contractor, Engineer, Manager

Type ---> External User /Internal User

Will this help to give access to App1?

Only users in the Engineer group do Task2.

Only users in the Contractor group do Task1.

Microsoft Entra External ID
Microsoft Entra ID

2 answers

  1. cosy M 6 Reputation points
    2024-06-24T01:55:47.9333333+00:00

    Any update?


  2. Raja Pothuraju 1,190 Reputation points Microsoft Vendor
    2024-06-24T20:35:08.0133333+00:00

    Hello @cosy M,

    Thank you for posting your query on Microsoft Q&A.

    Based on your description, I understand that you have two applications, App1 and App2, and you want to design access control for these applications based on specified fields, such as groups to which users belong.

    Please correct me if I am wrong, you want UserA in the "Engineer" group to have access to perform Task2 inside the application, and UserB in the "Contractor" group to have access to perform Task1.

    You can achieve this by passing the group claims in the token. You can follow the document below to add group claims to tokens for SAML applications using SSO configuration:

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-group-claims#add-group-claims-to-tokens-for-saml-applications-using-sso-configuration

    Once the group claim is passed in the token, you can provide access to the user based on the group to which the user belongs.

    If your application is integrated in app registration, you can refer to the document below to add groups as optional claims:

    https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims?tabs=appui

    I hope this information is helpful. Please feel free to reach out if you have any further questions.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    Thanks,
    Raja Pothuraju.
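The answer above recommends emitting a group claim in the token and letting the application authorize on it. The following is an added example (not code from the question or the answer) of the application side of that design: reading the `groups` claim from an already-validated Entra ID token payload and mapping group membership to the tasks App1 allows. It assumes the token's signature, issuer, audience and expiry were already checked by a library such as MSAL or PyJWT, and that group claims are emitted as group object IDs (the default for cloud groups); the GUIDs and claim payloads below are constructed placeholders, not values from any real tenant. It also handles the group overage case, where Entra omits `groups` and instead emits `_claim_names`/`_claim_sources` pointing at Microsoft Graph, so the app must not silently treat that user as having no groups.

```python
"""Authorize App1 tasks from the `groups` claim of an Entra ID token.

Added example, not code from the original Q&A thread. Assumes the token has
already been signature-validated (issuer, audience, expiry) and only the
decoded claims dict is handled here. Group object IDs are constructed
placeholders, not real tenant values.
"""

# Map group object IDs (constructed placeholders) to the tasks they may run.
# Authorize on the immutable object ID, not the display name: names can be
# renamed by an admin, object IDs cannot.
GROUP_TASKS: dict[str, set[str]] = {
    "11111111-1111-1111-1111-111111111111": {"Task1"},  # "Contractor" group
    "22222222-2222-2222-2222-222222222222": {"Task2"},  # "Engineer" group
    "33333333-3333-3333-3333-333333333333": set(),      # "Manager": no app tasks
}


class GroupOverageError(Exception):
    """Token omitted `groups` because the user belongs to too many groups."""


def groups_from_claims(claims: dict) -> list[str]:
    """Return group object IDs from the token, or raise on overage."""
    if "groups" in claims:
        return list(claims["groups"])
    # Overage: Entra replaces `groups` with a pointer to Microsoft Graph.
    # Treating this as "no groups" would silently deny (or, with a default-allow
    # design, wrongly grant) access, so surface it explicitly instead.
    if claims.get("_claim_names", {}).get("groups"):
        raise GroupOverageError(
            "groups claim overage; membership must be fetched from Graph"
        )
    return []


def permitted_tasks(claims: dict) -> set[str]:
    """Union of tasks allowed by every known group in the token."""
    tasks: set[str] = set()
    for gid in groups_from_claims(claims):
        tasks |= GROUP_TASKS.get(gid, set())  # unknown groups grant nothing
    return tasks


def can_perform(claims: dict, task: str) -> bool:
    """Deny by default: only an explicitly mapped group grants a task."""
    return task in permitted_tasks(claims)


# Constructed sample payloads (the relevant claims only).
ENGINEER_CLAIMS = {
    "sub": "user-a", "groups": ["22222222-2222-2222-2222-222222222222"]
}
CONTRACTOR_CLAIMS = {
    "sub": "user-b", "groups": ["11111111-1111-1111-1111-111111111111"]
}
UNMAPPED_CLAIMS = {
    "sub": "user-c", "groups": ["99999999-9999-9999-9999-999999999999"]
}
OVERAGE_CLAIMS = {
    "sub": "user-d",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": "https://graph.microsoft.com/..."}},
}

if __name__ == "__main__":
    for label, claims in [("engineer", ENGINEER_CLAIMS),
                          ("contractor", CONTRACTOR_CLAIMS),
                          ("unmapped", UNMAPPED_CLAIMS)]:
        print(label, "Task1:", can_perform(claims, "Task1"),
              "Task2:", can_perform(claims, "Task2"))
    try:
        can_perform(OVERAGE_CLAIMS, "Task1")
    except GroupOverageError as exc:
        print("overage:", exc)
```

Because the app checks only groups it has explicitly mapped, a user in an unrelated group gets nothing, and the overage path forces a deliberate Graph lookup rather than a quiet authorization failure.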