Don't get a role/group from Azure AD

Em, Alexandra 40 Reputation points
2023-11-01T04:32:29.8466667+00:00

Dears,

Hope you're doing well,

I have a problem with Azure integration. We are trying to integrate Azure into an Android mobile application.

But we don't get the role from the Azure side.

To request the role/group from Azure AD our developers used the memberOf API, but this API doesn't return the name of the role/group; it returns NULL values: queries (3).txt

Request which our developers used: request role azure.txt

But if I call memberOf via Graph Explorer I see the needed role, you can see it on screen below.

Our global team is trying to solve this problem, but now I get error AADSTS50105 (((

I don't understand what I should do for the correct Azure integration, and the global team also doesn't know. Please, could you help me?

Thanks!

Details of application:

Application Name : iView_APP_SH_KZ_QA

Object ID : 42e40b98-9db5-4cea-9eaf-075537e55a19



2 answers

  1. James Hamil 18,866 Reputation points Microsoft Employee
    2023-11-03T18:53:27.24+00:00

    Hi @Em, Alexandra, one possible reason for this issue is that the memberOf API may not be returning the role/group information because the user account you are using to authenticate does not have the necessary permissions to access this information. To retrieve the role/group information, the user account must have the "Directory.Read.All" or "Directory.ReadWrite.All" permission.

    To resolve this issue, you can try the following steps:

    1. Check if the user account you are using to authenticate has the necessary permissions to access the role/group information. You can check this by going to the Azure portal, selecting the user account, and checking the "Directory role" or "Assigned roles" section to see if the user has the "Directory.Read.All" or "Directory.ReadWrite.All" permission.
    2. If the user account does not have the necessary permissions, you can grant the "Directory.Read.All" or "Directory.ReadWrite.All" permission to the user account by assigning the appropriate role to the user. You can do this by going to the Azure portal, selecting the user account, and assigning the "Directory Readers" or "Directory Writers" role to the user.
    3. Once the user account has the necessary permissions, you can try retrieving the role/group information again using the memberOf API in your Android mobile application.

    If you are still having issues, you can try using the Microsoft Authentication Library (MSAL) for Android to authenticate the user and retrieve the role/group information. If this still doesn't work let me know and we can open a free support ticket for you.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

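    The following is an added example from the editor, not code from the question, the answer above, or Microsoft. It shows how a client can inspect what `/me/memberOf` actually returned and separate the two cases the thread conflates: a token that can read the memberships (groups and directory roles come back with a `displayName`) versus a token that cannot read group properties, where Graph returns each directoryObject with only `id` and `@odata.type` and every other property null, which is the "NULL values" symptom described in the question. It also reads the `scp` claim of the access token so the developer can confirm which delegated scopes the app really obtained; the least-privileged delegated permissions documented for this call are `User.Read` together with `GroupMember.Read.All` (Group.Read.All or Directory.Read.All also suffice), and these are requested as scopes on the app registration and consented to, which is separate from directory roles such as Directory Readers. The access token, the sample payloads and the token-shaped string are assumptions constructed here so the example runs offline; `fetch_member_of` assumes a real token obtained through MSAL. (For completeness: AADSTS50105 is raised when the app registration requires user assignment and the signing-in user is not assigned to it; that is an app-assignment setting and not a Graph permission.)

```python
from __future__ import annotations

import base64
import json
import urllib.request
from dataclasses import dataclass, field

GRAPH_MEMBER_OF = "https://graph.microsoft.com/v1.0/me/memberOf"

# The two keys Graph returns for a directoryObject even when the caller is not
# allowed to read the object's other properties.
_MINIMAL_KEYS = {"@odata.type", "id"}


@dataclass
class Membership:
    groups: list[str] = field(default_factory=list)      # displayName of each group
    roles: list[str] = field(default_factory=list)       # displayName of each directory role
    unreadable: list[str] = field(default_factory=list)  # ids that came back with no properties

    @property
    def permissions_look_insufficient(self) -> bool:
        """True when memberships exist but none carries readable properties,
        the typical shape of a token that lacks a group-reading scope."""
        return bool(self.unreadable) and not self.groups and not self.roles


def parse_member_of(payload: dict) -> Membership:
    """Split a /me/memberOf page into groups, directory roles and unreadable objects."""
    result = Membership()
    for obj in payload.get("value", []):
        non_null = {k for k, v in obj.items() if v is not None}
        if non_null <= _MINIMAL_KEYS:
            # Only id and @odata.type survived: Graph stripped every other property.
            result.unreadable.append(obj.get("id", "<no id>"))
            continue
        label = obj.get("displayName") or obj.get("id", "<no id>")
        otype = obj.get("@odata.type", "")
        if otype == "#microsoft.graph.group":
            result.groups.append(label)
        elif otype == "#microsoft.graph.directoryRole":
            result.roles.append(label)
        # Other directoryObject subtypes (administrativeUnit, ...) are ignored here.
    return result


def fetch_member_of(access_token: str) -> dict:
    """Call Graph with a bearer token (assumed to come from MSAL) and merge all pages."""
    url = GRAPH_MEMBER_OF
    merged: dict = {"value": []}
    while url:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req, timeout=15) as resp:
            page = json.load(resp)
        merged["value"].extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return merged


def scopes_in_token(token: str) -> list[str]:
    """Read the scp claim out of a JWT payload for troubleshooting only.
    No signature validation is done, so never use this for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT-shaped token")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    payload = json.loads(base64.urlsafe_b64decode(padded))
    return sorted(payload.get("scp", "").split())


# --- constructed sample data so the example runs offline --------------------------

SAMPLE_FULL = {  # constructed: what a token with a group-reading scope gets back
    "value": [
        {"@odata.type": "#microsoft.graph.group", "id": "00000000-0000-0000-0000-000000000001",
         "displayName": "iView-Users", "securityEnabled": True},
        {"@odata.type": "#microsoft.graph.directoryRole", "id": "00000000-0000-0000-0000-000000000002",
         "displayName": "Directory Readers"},
    ]
}

SAMPLE_STRIPPED = {  # constructed: the questioner's symptom, every property comes back null
    "value": [
        {"@odata.type": "#microsoft.graph.group", "id": "00000000-0000-0000-0000-000000000001",
         "displayName": None, "description": None, "securityEnabled": None},
    ]
}


def constructed_sample_token(scp: str) -> str:
    """Build an unsigned, token-shaped string purely for offline use; it is not a real token."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc({'scp': scp})}."


if __name__ == "__main__":
    print(parse_member_of(SAMPLE_FULL))
    stripped = parse_member_of(SAMPLE_STRIPPED)
    print(stripped, "insufficient permissions?", stripped.permissions_look_insufficient)
    print(scopes_in_token(constructed_sample_token("User.Read GroupMember.Read.All")))
```

    In the Android app the same check can be made on the MSAL `AuthenticationResult`: the granted scopes it reports should include a group-reading scope before the memberOf response is expected to carry names; if `permissions_look_insufficient` is true for a real response, the missing piece is a delegated Graph scope on the app registration plus consent, not a role on the user.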

  2. Em, Alexandra 40 Reputation points
    2023-11-15T07:30:41.06+00:00

    Hi all,

    No, I didn't solve the issue.

    Regarding the permissions "Directory.Read.All" and "Directory.ReadWrite.All": the admin said that they can't add these permissions because it's not allowed by security ((

    Are you sure that these permissions are required for the Android app, and that once we grant them we can get the group name with memberOf?

    We also don't have the Group.Read.All permission; I think that this permission is needed.
