Azure AD single sign on

Anonymous
2020-01-29T09:44:35.14+00:00

Hey Guys,

We have been trying to set up a SSO for the Aha! app on Azure.

We have created a security group that has a specific role "Viewer"that all members of our organization are members of. This role has been added manually by editing the app roles.

"appRoles": [
{
"allowedMemberTypes": [
"User"
],
"description": "msiam_access",
"displayName": "msiam_access",
"id": "xxx",
"isEnabled": true,
"origin": "Application",
"value": null
},
{
"allowedMemberTypes": [
"User"
],
"description": "ProductRole",
"displayName": "ProductRole",
"id": "xxx",
"isEnabled": true,
"origin": "ServicePrincipal",
"value": "viewer"
}
The role has been added to the group but the "Viewer" role doesn't apply when a user signs in. They have the "None" role.

Can you please help out?

Best regards

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,189 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. soumi-MSFT 11,756 Reputation points Microsoft Employee
    2020-01-29T10:11:03.417+00:00

    @nadicad, Is the appRole "Viewer" been assigned to the user?

    Ideally when you add an appRole using the App Manifest, that role also has to be assigned to the users who would be accessing that app.
    Make sure you the users have that role assigned to them.
    You can refer to the following article for reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps

    0 comments No comments