Do any update?
Create and Assign Custom Security Attributes
How do I design access to a few applications based on the following fields?
Can I create custom security attributes or group-based permissions?
Application --> App1, App2
Role --> Contractor, Engineer, PM, SalesRep
RoleID --> Con, ENG, SRP
Group --> Contractor, Engineer, Manager
Type --> External User / Internal User
Will this help to give access to App1?
Only users in the engineer group do Task2
Only users in the contractor group do Task
2 answers
Raja Pothuraju 8,095 Reputation points Microsoft Vendor
2024-06-24T20:35:08.0133333+00:00
Hello @cosy M,
Thank you for posting your query on Microsoft Q&A.
Based on your description, I understand that you have two applications, App1 and App2, and you want to design access control for these applications based on specified fields, such as groups to which users belong.
Please correct me if I am wrong: you want UserA in the "Engineer" group to have access to perform Task2 inside the application, and UserB in the "Contractor" group to have access to perform Task1.
You can achieve this by passing the group claims in the token. You can follow the document below to add group claims to tokens for SAML applications using SSO configuration:
Once the group claim is passed in the token, you can provide access to the user based on the group to which the user belongs.
If your application is integrated in app registration, you can refer to the document below to add groups as optional claims:
https://learn.microsoft.com/en-us/entra/identity-platform/optional-claims?tabs=appui
I hope this information is helpful. Please feel free to reach out if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks,
Raja Pothuraju.
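
One way an application could enforce the rule described in the answer above once the group claim arrives in the token, shown as an added example that is not part of the original answer or any Microsoft sample. It assumes the token's signature, issuer and audience were already validated, that groups are emitted as object IDs, and it denies access when the `groups` claim is replaced by an overage indicator (`_claim_names` or `hasgroups`); the group IDs and function names are constructed for illustration.

```python
# Added example: authorize a task from the "groups" claim of an already
# validated token. Group object IDs below are constructed placeholders.
ENGINEER_GROUP_ID = "11111111-1111-1111-1111-111111111111"    # placeholder
CONTRACTOR_GROUP_ID = "22222222-2222-2222-2222-222222222222"  # placeholder

# Task -> group allowed to perform it, following the thread's example.
TASK_REQUIRED_GROUP = {
    "Task1": CONTRACTOR_GROUP_ID,
    "Task2": ENGINEER_GROUP_ID,
}


class GroupOverage(Exception):
    """Token carries no inline groups; membership must be looked up elsewhere."""


def groups_from_claims(claims: dict) -> set:
    """Return the group IDs listed in the token, or raise on overage."""
    groups = claims.get("groups")
    if isinstance(groups, list):
        return {str(g).lower() for g in groups}
    # Overage: the token omits "groups" and signals that a lookup is needed.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        raise GroupOverage("groups omitted from token; query membership instead")
    return set()


def is_allowed(claims: dict, task: str) -> bool:
    """Allow the task only if the caller is in the group mapped to it."""
    required = TASK_REQUIRED_GROUP.get(task)
    if required is None:
        return False  # unknown task: deny by default
    try:
        return required in groups_from_claims(claims)
    except GroupOverage:
        return False  # fail closed until membership is resolved another way


# Constructed sample claims (not real tokens).
USER_A = {"sub": "userA", "groups": [ENGINEER_GROUP_ID]}
USER_B = {"sub": "userB", "groups": [CONTRACTOR_GROUP_ID]}
OVERAGE_USER = {"sub": "userC", "_claim_names": {"groups": "src1"}}

if __name__ == "__main__":
    for user in (USER_A, USER_B, OVERAGE_USER):
        print(user["sub"], {t: is_allowed(user, t) for t in TASK_REQUIRED_GROUP})
```
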