Az AD B2C Tenant - RBAC - apply multiple roles to a group for admin accounts

DonnaSmith 151 Reputation points
2022-10-13T14:38:11.683+00:00

Have created prod and dev B2C tenants - pricing tier premium P1. I am global admin of the tenants. Additional admin users created.

Created several groups 'M365 RBAC - Networks', 'M365 RBAC - Dev' etc - can add members to the groups but can't assign roles
Can assign roles individually to users in az ad b2c tenant > users.

Want to try and have role based groups in play for example the Dev group may have multiple roles for managing apps, user flow, external user id etc
We want to avoid having to manually add to every dev user.

I have seen mention about checking azure active directory and ensuring the toggle is enabled for 'Azure AD roles can be assigned to the group'
This is greyed out - I thought azure active directory was completely separate to the az ad b2c tenant

Can someone help me figure out what I'm missing please? I am aware consumers can't be members of groups but that's not required here.

Thanks

Azure Role-based access control
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Shweta Mathur 30,301 Reputation points Microsoft Employee Moderator
    2022-10-17T10:28:22.12+00:00

    Hi @DonnaSmith ,

    Thanks for reaching out.

    I understand you are trying to add Azure AD roles to the group in the Azure AD B2C tenant but are not getting the proper options here.

    Azure AD B2C is another service built on the same technology but not the same in functionality as Azure AD.

    Out-of-the-box Azure AD B2C does not expose any functionality related to Security Groups. They exist as an entity type and can be accessed via the regular Azure AD portal blade but there are no features for including user group membership issued as a result of a user flow.

    In Azure AD, it is possible to assign multiple roles to the group as those users are part of the Azure AD tenant (Organization) to access the resources in that tenant.

    However, Azure AD B2C's target is to build a directory for consumer applications where users can register with an e-mail ID or social providers like Google, FB, MSA, known as Federation Gateway. Azure AD B2C is not targeted at organization users but at consumers, where assigning Azure AD roles to consumers does not make sense.

    Although you are able to see Azure AD-like features such as "users" or "groups" in the Azure AD B2C tenant as well, it is not recommended to use those Azure AD features. This is because you may come across too many issues when using these features, as the B2C tenant is not designed for these features.

    Hope this will help.

    Thanks,
    Shweta

    -------------------------------------------------------

    Please remember to "Accept Answer" if answer helped you.

