A cloud-based identity and access management service for securing user authentication and resource access
Hi community team,
I have a question. Actually, my account in Microsoft Entra ID has been assigned the role "Directory Readers", but for my activities I need to add memberships to groups for SSO access.
I don't want an admin role; I only need permissions to add memberships to groups.
What role can I have for this action only?
Thanks for your help.
Answer accepted by question author
If you can't have an admin role, then you need to be an owner of the group to update the membership.
Hello @Amparo Gomez Salazar,
To add on to the already provided information, if you want to review more details on the Group administrator role or the least privilege required to perform group modification, please refer to the documents below.
Groups-administrator
Concept-learn-about-groups
Assign-user-or-group-access-portal
Hello @Amparo Gomez Salazar,
Thank you for contacting Q&A Forum. If you don’t want an admin role but you still need permissions for adding memberships to groups, here are 2 scenarios you can consider:
If you wish to add memberships for groups that you create or got assigned to, the most suitable role for you is Group Owner. You can add or remove members, manage group settings (descriptions, subscriptions, name, etc.), approve or deny join requests, etc. This would be ideal for managing specific groups or least privilege access (no broader directory permissions).
If you want to manage any group in the directory and assign roles or manage group-based policies outside of your own groups, Group Administrator would be suitable in this scenario. This role allows a user to create and manage all aspects of groups and group settings, add/remove members from any group (including security and Microsoft 365 groups) and manage group membership for access control and SSO scenarios.
In summary, Group Owner is enough for specific groups and least privilege access, which could fit your case. For broader control, consider having Group Administrator as your role.
Kindly let me know if this works for you and please let me know if you have any further questions.
If I have answered your question, please accept this as answer as a token of appreciation and don't forget to thumbs up for "Was it helpful"!
Best regards,
Megan
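
The group-owner approach from the answers above, sketched with the Microsoft Graph PowerShell SDK. This is an added example, not code from either answer or from Microsoft. The UPNs, group names and group ID are constructed placeholders, and the two parts are meant to run in separate sessions under different accounts.

```powershell
# Added example. UPNs, group names and the group ID are constructed placeholders.
# Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph module).

# --- Part 1: run by an administrator who can already manage the groups ---
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

$delegate   = Get-MgUser -UserId 'delegate@contoso.example'   # user who needs to add members
$groupNames = @('SSO-App1-Users', 'SSO-App2-Users')           # only the groups they must manage

foreach ($name in $groupNames) {
    $found = @(Get-MgGroup -Filter "displayName eq '$name'" `
        -Property 'id,displayName,groupTypes,onPremisesSyncEnabled')

    # displayName is not unique, so refuse to guess when zero or several groups match.
    if ($found.Count -ne 1) {
        Write-Warning "'$name': expected 1 group, found $($found.Count); skipped"
        continue
    }
    $group = $found[0]

    # Ownership does not help here: membership of these groups cannot be edited by hand.
    if ($group.GroupTypes -contains 'DynamicMembership') {
        Write-Warning "'$name' has rule-based (dynamic) membership; skipped"
        continue
    }
    if ($group.OnPremisesSyncEnabled) {
        Write-Warning "'$name' is synced from on-premises AD; manage it there; skipped"
        continue
    }

    # Idempotent: only add the owner reference if it is not already present.
    $ownerIds = @(Get-MgGroupOwner -GroupId $group.Id -All | ForEach-Object Id)
    if ($ownerIds -notcontains $delegate.Id) {
        New-MgGroupOwnerByRef -GroupId $group.Id -BodyParameter @{
            '@odata.id' = "https://graph.microsoft.com/v1.0/users/$($delegate.Id)"
        }
    }
    Write-Output "'$name': $($delegate.UserPrincipalName) is an owner"
}
Disconnect-MgGraph | Out-Null

# --- Part 2: run later by the delegate, who still holds no admin role ---
# Delegated scopes may need admin consent in your tenant. The scope does not widen
# the user's rights: the call succeeds only for groups this user owns.
Connect-MgGraph -Scopes 'GroupMember.ReadWrite.All', 'User.ReadBasic.All'
$groupId   = '00000000-0000-0000-0000-000000000000'           # placeholder object ID
$newMember = Get-MgUser -UserId 'new.hire@contoso.example'
New-MgGroupMember -GroupId $groupId -DirectoryObjectId $newMember.Id
```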