Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
661 questions
Group Owners in Azure AD B2C tenant cannot add members in their group
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 57.00000000000001%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
user20201
286
Reputation points
We have Azure Active Directory B2C tenant and a security group. We invited a guest user and added him as the group owner of the security group but upon accepting the invite, an error occurred. We fixed that by changing the User Type from "Guest" to "Member." However, they still can't add members and manage their own groups.
We tried to grant the group owners "Guest Inviter" role, and luckily, they can manage their own groups and no access on other groups which apparently, we want to happen. But users in "Guest Inviter" role can invite guest users which we don't like to be done by group owners. Is there specific Azure Role which meets the requirement that group owners' permission is JUST to manage his own group and nothing more? Or if we create custom role, would there be additional requirement or license since we are using Azure AD B2C?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee2022-10-27T22:22:14.16+00:00 Hi @user20201 ,
I have reached out to the product team to see if there is a way to support your scenario, but based on my understanding don't believe that there is an option an option in B2C to only allows users to invite guests who are members of the specific group. One option would be to limit your users to only invite guests from specific organizations, or to only allow your users to participate as guests with specific organizations.
In regular Azure AD you could use self-service groups, but this isn't supported yet in B2C.
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-self-service-managementYou can create feedback for this request here: https://feedback.azure.com/
I'll let you know once I hear back from the product team though.
-
user20201 286 Reputation points
2022-11-03T01:36:02.4+00:00 Hello @Marilee Turscak-MSFT ,
I have tried configuring the User Settings for External Users and set the Guest Invite Setting to "No one in the organization can invite guest users including admins (most restrictive)" this happen to meet the scenario but it applies globally. I am also trying to create custom role for this.
Looking forward as well with the discussion from your product team. Thank you.
Sign in to comment