Add guest user to group during signup flow with azure ad b2b

Manuel Mourato 1 Reputation point
2021-10-01T13:14:44.527+00:00

I have created a signup/signin flow in Azure AD External Identities, using a Google Identity Provider, and added my application to this user flow.
The flow itself works as expected, as during signup the user is created, however after inserting the password, I get the following error:

The signed in user is not assigned to a role for the application

This error makes sense, as during signup the guest user is not added to any group nor given any roles, which it needs to access the application.

My question is, is there a way to give the necessary roles/add the user to a default group during the signup/signin flow process?

Thank you


1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2021-10-01T22:04:50.383+00:00

    Dynamic Group Membership would be a good solution for you. If the users meet the criteria that you define, they will be automatically assigned to a group. (Note that a Premium P1 license is needed to use this feature.)

    https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-create-rule

    You can also create a PowerShell script to automatically assign new users to an enterprise application. While there isn't an official Microsoft sample that does this, there is a recent blog post here that contains a script that does just this.

    Here is the code sample: Add User To Azure AD Application PowerShell

    You could also set "User assignment required" to "No", but that may not suit your scenario.

    Let me know if this helps!

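The two suggestions above (a dynamic group and a script that assigns users to the enterprise application) can be combined: a dynamic group that captures guest users, assigned once to the app's role, so every guest the sign-up flow creates inherits access without a per-user script run. The following is an added example written for this thread with the Microsoft Graph PowerShell SDK; it is not the script from the linked blog post, and the app name, group name, role value and membership rule are placeholders you must adapt.

```powershell
# Added example (not from the thread or the linked blog): a dynamic group of guest
# users assigned to the application's app role, so guests created by the sign-up
# flow satisfy the "assigned to a role" check. Dynamic membership needs a P1 license.
Connect-MgGraph -Scopes "Group.ReadWrite.All","Application.ReadWrite.All","AppRoleAssignment.ReadWrite.All"

$appDisplayName = "My B2B App"   # placeholder: display name of the enterprise application
$sp = Get-MgServicePrincipal -Filter "displayName eq '$appDisplayName'"
if (-not $sp) { throw "Service principal '$appDisplayName' not found" }

# Assumed membership rule: every guest user. Narrow it on further user attributes
# if only a subset of guests should receive access (least privilege).
$rule = '(user.userType -eq "Guest")'

$groupName = "B2B App Guests"    # placeholder group name
$group = Get-MgGroup -Filter "displayName eq '$groupName'"
if (-not $group) {
    $group = New-MgGroup -DisplayName $groupName -MailNickname "b2bappguests" `
        -MailEnabled:$false -SecurityEnabled:$true `
        -GroupTypes @("DynamicMembership") `
        -MembershipRule $rule -MembershipRuleProcessingState "On"
}

# Choose the app role to grant. If the app declares roles, pick one by its value;
# otherwise the all-zeros GUID is the built-in default access role.
$role = $sp.AppRoles | Where-Object { $_.Value -eq "Reader" } | Select-Object -First 1   # placeholder value
$roleId = if ($role) { $role.Id } else { "00000000-0000-0000-0000-000000000000" }

# Idempotent: skip if the group already holds this role on this app.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $group.Id -and $_.AppRoleId -eq $roleId }
if (-not $existing) {
    New-MgGroupAppRoleAssignment -GroupId $group.Id -PrincipalId $group.Id `
        -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
}
"Group '$($group.DisplayName)' is assigned app role $roleId on '$($sp.DisplayName)'"
```

Dynamic membership is evaluated asynchronously after the user object is created, so a guest's very first sign-in immediately after sign-up may still hit the role error until the group has been processed; this is the residual gap that the per-user script approach or turning off "User assignment required" would close.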
