Assign App Roles to AD Users in AD B2C

Elizabeth Davis 26 Reputation points
2022-04-04T17:05:38.027+00:00

Is there a way to assign users that we've added to Active Directory to app roles in AD B2C? I noticed that you can create app roles through the app manifest, but where do you go to then assign the users to these roles?


Accepted answer
  1. CarlZhao-MSFT 23,526 Reputation points
    2022-04-05T04:15:28.157+00:00

    Hi @Elizabeth Davis

    Azure AD B2C does not currently support appRole, such as user flows or custom policy. Reference: similar answers.

    However, you can use Azure AD based authentication to grant appRole because Azure AD supports appRole. First, make sure you have added appRoles in your API application's manifest, then click Managed application in local directory to go to Enterprise Applications > Users and groups > Add user/group.

    Next use an Azure AD based authentication flow such as ROPC flow or auth code flow.

    Parse the token and you will see your custom role.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
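The last step of the accepted answer, "parse the token and you will see your custom role", is where an API has to be careful: the `roles` claim is only meaningful after the token's signature and audience have been verified, and only role values that actually exist and are enabled in the manifest should be honoured. The block below is an added example, not code from the question, the answer, or Microsoft; it assumes a constructed `appRoles` entry with a placeholder GUID, and it signs a constructed token with HS256 and a shared key so that it runs offline (real Azure AD tokens are RS256-signed and are validated against the tenant's published signing keys, normally through a library such as MSAL or PyJWT).

```python
import base64
import hashlib
import hmac
import json

# Constructed appRoles entry in the shape used by the "appRoles" array of an
# Azure AD app manifest. The GUID is a placeholder, not a real role id.
APP_ROLES = [
    {
        "allowedMemberTypes": ["User"],
        "description": "Can approve expense reports",
        "displayName": "Approver",
        "id": "00000000-0000-0000-0000-000000000001",  # placeholder
        "isEnabled": True,
        "value": "Expense.Approve",
    },
    {
        "allowedMemberTypes": ["User"],
        "description": "Retired role, kept in the manifest but disabled",
        "displayName": "Legacy auditor",
        "id": "00000000-0000-0000-0000-000000000002",  # placeholder
        "isEnabled": False,
        "value": "Expense.Audit",
    },
]


def _b64url_decode(s: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def make_demo_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 JWT for demonstration only.
    Azure AD issues RS256 tokens; this stand-in keeps the example offline."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(x, separators=(",", ":")).encode())
        for x in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def parse_token(token: str, key: bytes, audience: str) -> dict:
    """Verify signature and audience, then return the payload claims.
    Raises ValueError instead of handing back unverified claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm: never let the token choose (rejects "none" and others).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    return claims


def granted_roles(claims: dict, app_roles=APP_ROLES) -> set:
    """Intersect the token's 'roles' claim (a list of app role values in
    Azure AD tokens) with the roles that are enabled in the manifest."""
    enabled = {r["value"] for r in app_roles if r.get("isEnabled")}
    return {r for r in claims.get("roles", []) if r in enabled}


def has_role(token: str, key: bytes, audience: str, role: str) -> bool:
    """Authorization check an API endpoint would call before doing work."""
    try:
        claims = parse_token(token, key, audience)
    except ValueError:
        return False
    return role in granted_roles(claims)


# Constructed sample material: a demo key, a placeholder app ID URI and a
# token whose roles claim contains one enabled, one disabled and one unknown value.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
DEMO_AUDIENCE = "api://expense-api"
DEMO_CLAIMS = {
    "aud": DEMO_AUDIENCE,
    "sub": "user-123",
    "roles": ["Expense.Approve", "Expense.Audit", "Expense.Unknown"],
}
DEMO_TOKEN = make_demo_token(DEMO_CLAIMS, DEMO_KEY)

if __name__ == "__main__":
    claims = parse_token(DEMO_TOKEN, DEMO_KEY, DEMO_AUDIENCE)
    print("roles in token:", claims["roles"])
    print("roles honoured:", sorted(granted_roles(claims)))
    print("can approve:", has_role(DEMO_TOKEN, DEMO_KEY, DEMO_AUDIENCE, "Expense.Approve"))
```

The design point is the order of operations: `has_role` returns `False` for any token that fails signature or audience checks, so a role name is never read out of an unverified payload, and `granted_roles` drops values that are not enabled app roles, so a stale or unknown role string in a token grants nothing.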


1 additional answer

  1. Hugo Forte 16 Reputation points
    2022-08-24T15:05:29.877+00:00

    I have the same problem - though this answer does not quite work as it only applies to users that are in the Active Directory - I'd also like to be able to use roles or groups with all users that are signed up through Facebook/Google and other social logins.

    3 people found this answer helpful.