Azure AD single sign on

Anonymous
2020-01-29T09:44:35.14+00:00

Hey Guys,

We have been trying to set up an SSO for the Aha! app on Azure.

We have created a security group that has a specific role "Viewer" that all members of our organization are members of. This role has been added manually by editing the app roles.

"appRoles": [
    {
        "allowedMemberTypes": [
            "User"
        ],
        "description": "msiam_access",
        "displayName": "msiam_access",
        "id": "xxx",
        "isEnabled": true,
        "origin": "Application",
        "value": null
    },
    {
        "allowedMemberTypes": [
            "User"
        ],
        "description": "ProductRole",
        "displayName": "ProductRole",
        "id": "xxx",
        "isEnabled": true,
        "origin": "ServicePrincipal",
        "value": "viewer"
    }
]

The role has been added to the group but the "Viewer" role doesn't apply when a user signs in. They have the "None" role.

Can you please help out?

Best regards

Azure Active Directory

1 answer

  1. soumi-MSFT 11,651 Reputation points Microsoft Employee
    2020-01-29T10:11:03.417+00:00

    @nadicad, Has the appRole "Viewer" been assigned to the user?

    Ideally when you add an appRole using the App Manifest, that role also has to be assigned to the users who would be accessing that app.
    Make sure the users have that role assigned to them.
    You can refer to the following article for reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps

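Added example, not part of the original thread or of the answer above: a Microsoft Graph PowerShell check of which principals hold which app role on the enterprise application, assigning the `viewer` role to the group only if that assignment is missing. The application display name and the group name are assumed placeholders.

```powershell
# Assumed placeholders; replace with the values from your tenant.
$appName   = 'Aha!'          # enterprise application display name (assumed)
$groupName = 'Aha-Viewers'   # hypothetical security group name
$roleValue = 'viewer'        # "value" of the app role in the manifest posted above

Connect-MgGraph -Scopes 'Application.Read.All','Group.Read.All','AppRoleAssignment.ReadWrite.All'

# Resolve exactly one service principal and one group, otherwise stop.
$sp    = @(Get-MgServicePrincipal -Filter "displayName eq '$appName'")
$group = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($sp.Count -ne 1 -or $group.Count -ne 1) {
    throw "Expected one service principal and one group, found $($sp.Count) and $($group.Count)."
}
$sp = $sp[0]; $group = $group[0]

# The role must exist on the service principal and be enabled.
$role = $sp.AppRoles | Where-Object { $_.Value -eq $roleValue -and $_.IsEnabled }
if (-not $role) { throw "No enabled app role with value '$roleValue' on '$appName'." }
if ($role.AllowedMemberTypes -notcontains 'User') {
    throw "Role '$roleValue' does not allow 'User' members, so it cannot be assigned to users or groups."
}

# List every current assignment on the application.
$assigned = @(Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All)
$assigned | Select-Object PrincipalDisplayName, PrincipalType, AppRoleId | Format-Table

# An all-zero AppRoleId is the default access role, which carries no role value.
$defaultRoleId = '00000000-0000-0000-0000-000000000000'
$groupRows = @($assigned | Where-Object { $_.PrincipalId -eq $group.Id })
if ($groupRows | Where-Object { $_.AppRoleId -eq $defaultRoleId }) {
    Write-Warning "Group '$groupName' is assigned with default access only, not '$roleValue'."
}

# Assign the role to the group only when that exact assignment is missing.
if (-not ($groupRows | Where-Object { $_.AppRoleId -eq $role.Id })) {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $group.Id -ResourceId $sp.Id -AppRoleId $role.Id
    Write-Output "Assigned '$roleValue' to group '$groupName'."
} else {
    Write-Output "Group '$groupName' already holds '$roleValue'."
}
```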