Assign App Roles to AD Users in AD B2C

Elizabeth Davis 26 Reputation points

Is there a way to assign users that we've added to Active Directory to app roles in AD B2C? I noticed that you can create app roles through the app manifest, but where do you go to then assign the users to these roles?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,850 questions
Azure Active Directory External Identities
Microsoft Graph Users API
Microsoft Graph Users API
A Microsoft API that allows you to build compelling app experiences based on users, their relationships with other users and groups, and the resources they access for example their mails, calendars, files, administrative roles, group memberships.
731 questions
0 comments No comments
{count} vote

Accepted answer
  1. CarlZhao-MSFT 23,526 Reputation points

    Hi @Elizabeth Davis

    Azure AD B2C does not currently support appRole, such as user flows or custom policy. Reference: similar answers.

    However, you can use Azure AD based authentication to grant appRole because Azure AD supports appRole. First, make sure you have added appRoles in your API application's manifest, then click Managed application in local directory to go to Enterprise Applications>Users and groups>Add user/group.



    Next use an Azure AD based authentication flow such as ROPC flow or auth code flow.


    Parse the token and you will see your custom role.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
  1. Hugo Forte 16 Reputation points

    I have the same problem - though this answer does not quite work as it only applies to users that are in the active directory - I'd also like to be able to use roles or groups with all users that are signed up though facebook/google and other social logins.

    3 people found this answer helpful.
    0 comments No comments