This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 37%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
I have a problem getting user roles when implementing SSO on my application. I tried sending it via 'claims & attributes' but the attribute user.assignedroles doesn't work. Can I get some help please?
Kind regards, Bojan
Hi @Sima , are you getting any error messages? Are you following any docs or tutorials for this that I can follow?
Hi @James Hamil I managed to do it in the end. I just have one more question on this topic: Is there a way I can delete the default role in the application named 'User'?
Awesome! Would you mind sharing the solution so I can post it for other users to reference? You can't delete the default role, but you can remove the assignment! https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal#remove-a-role-assignment
Yes, no problem. I followed this tutorial https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-enterprise-app-role-management . But where I was stuck was I couldn't call the API because I was doing it with the 'Guest' user. So the important thing for me was to CREATE a user(not invite him) and with that created user(that has 'Member' type) to call APIs that are referenced in the documentation.
And about the deleting the user, you are talking about integrated Azure roles here but I am talking about Enterprise Application roles (I am referencing it in the image).
Hi @Sima , you want to remove the role itself, or the user that has the role? You can't remove the default User role.
Thank you @Sima for providing a solution. I'll summarize it here so other users can reference it. Please verify it if you don't mind!
When configuring role claims as described in this document, be sure to Create a user instead of inviting them. With the newly created "Member" type user, you can call the APIs.