This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 70%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
I'm following this documentation:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-get-started?tabs=app-reg-ga
And I found another question answered that I thought fit my case:
https://learn.microsoft.com/en-us/answers/questions/199433/can39t-add-role-assignments-to-azure-b2c-applicati.html
My problem is that the app that I registered will not appear as an option when I try to follow the "Enable user delete and password update" portion of the documentation.
I am also mindful of the notice "Please allow a few minutes to for the permissions to fully propagate." But I've at it for 2 hours now, so I don't think that is the problem.
Here is my App and its API permissions:
And my B2C Tenant
@Leandro Teles
Thank you for pointing this out!
I followed the steps I posted, along with the ones in the documentation for adding the User Admin role to an application and wasn't able to. This leads me to believe something might've been changed on our end, so I've reached out to our engineering team regarding this issue and will update as soon as possible.
If you have any other questions or would like to work with our support engineers on this issue, please let me know.
Thank you for your time and patience throughout this issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 7.000000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFK%3C/text%3E%3C/svg%3E)
Also hitting his issue!
@Frank K
Thank you for adding to this thread! I've reached out to our engineering team regarding this issue and will update as soon as possible.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 34%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
ano update on this? this has become our blocker in our application..
@Leandro Teles and @arun mohan ,
Thank you both for the quick follow-up! I've created a short GIF that should help walk you through the steps.
@Varun CT
I've reached out to our Product Group regarding your ask and providing them the details you mentioned.
-Is there any way to automate this process without Graph explorer?(i.e. using AzureAD app registration)
Alternate Solution:
Using this MS Graph API to assign the service principal of the application the necessary role if desired.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
@Leandro Teles , @arun mohan , and @Varun CT
Hi all,
I just wanted to follow up and let you all know that I received an update from our engineering team letting me know that the issue should be resolved.
If you have any other questions, please let me know.
Thank you all for your time and patience throughout this issue!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 91%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVC%3C/text%3E%3C/svg%3E)
JamesTran-MSFT · its working.thank you
ano update on this? this has become our blocker in our application..
Hi All · Thank you for reaching out.
There seems to be an issue with the UI. I will report the issue to the product team and get it addressed.
However, as of now, you can follow below steps and use PowerShell to add application to the User Administrator role:
Connect-AzureAD -TenantId Your_B2CTenant.onmicrosoft.com and sign in with Global Administrator account in that tenant. Get-AzureADDirectoryRole cmd and copy the object id of the User Administrator role. Add-AzureADDirectoryRoleMember -ObjectId object_ID_copied_in_Step3 -RefObjectId object_ID_copied_in_Step4 cmdlet. To verify, navigate to Azure AD B2C > Roles and Administrators > User Administrator. You should see the application present under this role.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Im using PowerShell 7.1.1 in Ubuntu . After installed the package still showing the 'Connect-AzureAD' is not recognized as a name of a cmdlet.
Please fix UI issue quickly
Hi All,
Thank you for adding to this thread and for your patience. I received a response from our product team and will post the alternate solution below while the portal experience is being investigated.
Alternate Solution:
Using this MS Graph API to assign the service principal of the application the necessary role if desired.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
did you tested this answer ?
For getting the directory role
1.set the following permission to a application Delegated RoleManagement.Read.Directory, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All, Directory.AccessAsUser.All.
@Varun CT
Thank you for the update!
When listing directory roles, please keep in mind that the MSGraph API display name for a user admin is "User Account Administrator", while the Azure Portal will display User Administrator. For more info.
If you have any other questions, please let me know.
Thank you for pointing this out!
could you please explain the process step by step.
How do you create the bearer token for GET /DirectoryRoles ?
Are you trying this in AD B2C portal or normal portal?
@Varun CT
Thank you for pointing this out! My initial screenshot was for AzureAD, however, I'll post the steps below for B2C.
I hope this helps!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 14.000000000000002%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
am also on same boat here. I have tried these steps and seeing below error.
{
"error": {
"code": "BadRequest",
"message": "Resource not found for the segment 'servicePrincipal'.",
"innerError": {
"date": "2021-01-20T05:30:45",
"request-id": "5a28640d-a809-496c-9ba5-7fbcfe7abfa1",
"client-request-id": "27a0f62b-3212-39e4-ff60-dd6669dd597d"
}
}
}
Thanks for the support.
one more question
is there any way to automate this process without Graph explorer ?(using active directory application registration )
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 43%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
missing 's'
{
"@odata.id": "https://graph.microsoft.com/beta/servicePrincipals/xxxxxxxxxxxxxxxxxxxxxxx"
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 82%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
is this issue fixed?.How long it take to complete bug fix?.please answer. My production unit is pending due to this issue
@arun mohan
Thank you for adding to this thread!
The issue is still being investigated by our engineering team when it comes to assigning this role via the Azure Portal. However, as of right now, you can follow the steps I posted on this thread (https://learn.microsoft.com/answers/answers/236787/view.html) for the Graph API work around steps.
@Leandro Teles
I just wanted to check in and see if you were able to resolve this issue using the Graph API workaround steps?
No. issue is not resolved by graph API
No .Work round is not working for my case.
Reason .
My environment creation is automated with an application registered in azure ad b2c .Only manual interaction is creating this application in azure ad b2c and giving access to application.
For deleting or edit the azure ad b2c user profile needs a user administration role app.That part is pending due to this issue.
Please enable the option in azure portal . My product release is pending due to this bug
Unfortunately my job has not afforded me the opportunity to revisit this issue yet. I expect to do so late next week. In the meantime, I'll have to take @arun mohan , @Varun CT and the rest of the community at their word.