Accepted invitations for Azure static web app are not showing in role management page

James Pearson 0 Reputation points
2025-05-12T14:54:03.8233333+00:00

We host a documentation site with static web apps and restrict access by inviting customers' AAD accounts and associating them with a role when we invite them.

Over the last few days the accepted invitations have stopped showing up in the role management page and users are getting a 403 when attempting to access the site, even when they are logged in with the AAD account which was invited.

Is there a problem with AAD invites? I tried a GitHub invite and that worked as expected.

Azure Static Web Apps

1 answer

  1. Alekhya Vaddepally 1,670 Reputation points Microsoft External Staff Moderator
    2025-05-12T18:37:49.1466667+00:00

    Hi
    Azure Static Web Apps uses Azure Active Directory B2B (business-to-business) collaboration to manage inviting users. When a guest accepts an invitation, they should be added as a guest user to your Azure AD tenant, and then assigned the roles (e.g. reader, contributor, or custom roles) in the static web app.

    Recently, changes may have occurred in how Azure AD processes guest user role assignment or token promotion time, which can explain why:

    Even after accepting the invitation, users are not showing under role management. Users also get a 403 when logged in properly. You have also mentioned that GitHub login works; that makes sense because GitHub certification uses a separate identity provider flow and does not depend on AAD B2B invitation behavior.

    Go to Azure Active Directory > Users and look for new guest users, or search for the guest user emails under Users, to confirm that they are added.
    Add B2B collaboration users in Azure AD

    Even if the user has accepted the invitation, sometimes the role does not bind correctly. Re-reconcile their role manually from the Azure portal:

    Go to your Azure Static Web App in the portal. Click on certification > role management.

    Click on Add and regularly enter the guest user email. Assign the appropriate role (e.g. reader).
    Manage roles for users and groups in Azure Static Web Apps

    Sometimes this issue can occur with authentic tokens that do not update after changing a role. Ask the user to log out completely, clean their browser cache/cookies, and log in again.

    This ensures that they receive a fresh token with the updated role claims.

    If you have any further concerns or queries, please feel free to reach out to us.
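The role-claim check the answer relies on can be reproduced from what the app itself reports at `/.auth/me`. The following is an added example, not part of the original thread or any Microsoft code: it compares the `userRoles` in a `/.auth/me` payload with the `allowedRoles` of a route in `staticwebapp.config.json` and names the likely cause of a rejection. The role name `customer`, the sample payloads, and the helpers `rolesForPath` and `diagnose` are assumptions, and the route matcher is simplified.

```javascript
// Constructed /.auth/me payload: invited AAD guest whose custom role was never bound.
const sampleMe = { clientPrincipal: {
  identityProvider: "aad",
  userId: "00000000placeholder",
  userDetails: "guest@example.com",
  userRoles: ["anonymous", "authenticated"],
} };

// Constructed staticwebapp.config.json fragment; "customer" is a hypothetical role name.
const sampleConfig = { routes: [{ route: "/docs/*", allowedRoles: ["customer"] }] };

// Simplified route lookup: first match wins, trailing "/*" is a prefix wildcard.
function rolesForPath(config, path) {
  for (const r of config.routes || []) {
    const hit = r.route.endsWith("/*")
      ? path.startsWith(r.route.slice(0, -1))
      : path === r.route;
    if (hit) return r.allowedRoles || ["anonymous"];
  }
  return ["anonymous"]; // unlisted paths are open to everyone
}

// Explain why a request for `path` would be served or rejected.
// invitedProvider is the provider the invitation was issued for ("aad", "github", ...).
function diagnose(me, config, path, invitedProvider) {
  const required = rolesForPath(config, path);
  const p = me && me.clientPrincipal;
  const roles = p ? p.userRoles : ["anonymous"];
  if (required.some((r) => roles.includes(r))) return { http: 200, cause: "ok" };
  if (!p) return { http: 401, cause: "not-signed-in" };
  if (p.identityProvider !== invitedProvider)
    return { http: 403, cause: "wrong-provider", got: p.identityProvider };
  return { http: 403, cause: "role-missing", required, roles };
}

console.log(diagnose(sampleMe, sampleConfig, "/docs/setup", "aad"));
```

A `role-missing` result for a user who has accepted the invitation points at the role binding or a session that predates it, which is the case the sign-out and re-login step addresses.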
