Forum Discussion
ocarmely
Microsoft
Feb 15, 2026Using managed identities to assign users and groups to app-roles in Enterprise apps
Hi everyone,
I'm looking for a way to use managed identities to assign users and groups to app-roles in Enterprise apps via Azure DevOps pipelines (using Workload Identity Federation)
Currently i...
Feb 23, 2026
Managed identity ownership is not required to assign users or groups to application roles.
What your workload identity needs is the appropriate Microsoft Graph permissions (such as AppRoleAssignment.ReadWrite.All) or a directory role like Application Administrator.
App role assignments are authorization operations, not ownership operations