Forum Discussion
Adding privilege for provisioning of an Enterprise Application
Hello, To avoid the support task at our service desk, I would like to delegate the provisioning of one Enterprise Application which is used for SSO. Therefore I'm looking for the best practices for ...
Application/service principal management is one of the few areas where custom RBAC roles are supported in Azure AD, so you should be able to leverage those; https://docs.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-apps
Hello Vasil,
Thanks to your information, I have created a custom role, assign it to a user and configure the access to a specific enterprise app
Unfortunately I observe that the user have access to other features as creating groups. I don't want that. My goal is to give a clear and limited access to a user (ideally I give him a link and he is directly in the context) so that he can just manage adding/removing users for provisining that app.
I will continue to search for a solution and appreciate your recommandations.
Thank you very much
Pascal
Thanks to your information, I have created a custom role, assign it to a user and configure the access to a specific enterprise app
Unfortunately I observe that the user have access to other features as creating groups. I don't want that. My goal is to give a clear and limited access to a user (ideally I give him a link and he is directly in the context) so that he can just manage adding/removing users for provisining that app.
I will continue to search for a solution and appreciate your recommandations.
Thank you very much
Pascal