Hi @Efff dd, from Apple's documentation:
"Federated authentication requires that a user’s User Principal Name (UPN) match their email address. User Principal Name aliases and Alternate IDs aren’t supported."
I would use the domain from your tenant for this. Please also follow our tutorial for this. For the permissions, it's up to you what you want to allow. For regular users I wouldn't grant any special permissions, but if you're the owner, I would recommend Global Admin. Please look through those docs and let me know if you have any questions.
Thank you,
James