Forum Discussion

ocarmely
Microsoft
Feb 15, 2026

Using managed identities to assign users and groups to app-roles in Enterprise apps

Hi everyone,

I'm looking for a way to use managed identities to assign users and groups to app-roles in Enterprise apps via Azure DevOps pipelines (using Workload Identity Federation).

Currently it seems I can't add a managed identity as an owner on the enterprise app, for example.

Thanks in advance!

1 Reply

  • Managed identity ownership is not required to assign users or groups to application roles.

    What your workload identity needs is the appropriate Microsoft Graph permissions (such as AppRoleAssignment.ReadWrite.All) or a directory role like Application Administrator.

    App role assignments are authorization operations, not ownership operations.
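
The assignment the reply describes, as an added example that is not part of the original thread: a POSIX shell script for an Azure CLI pipeline step that creates the app role assignment through the Microsoft Graph `appRoleAssignedTo` endpoint with `az rest`. It assumes the service connection's identity already holds the Graph permission named in the reply; the function names are hypothetical, and the IDs are the object IDs of the user or group and of the enterprise app's service principal.

```shell
#!/bin/sh
# Added example: assign a user or group to an app role from an Azure CLI step.
# Assumes `az` is already signed in as the pipeline's workload identity.
GRAPH="https://graph.microsoft.com/v1.0"
# Documented Graph value for "default access" when the app defines no roles.
DEFAULT_ROLE_ID="00000000-0000-0000-0000-000000000000"

# Reject anything that is not a GUID before it reaches a URL or JSON body.
# The length check stops multi-line input from slipping past the per-line grep.
is_guid() {
  [ "${#1}" -eq 36 ] && printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# principalId = user or group object ID, resourceId = the enterprise app's
# service principal object ID, appRoleId = role ID from the app registration.
build_assignment_body() {
  printf '{"principalId":"%s","resourceId":"%s","appRoleId":"%s"}' "$1" "$2" "$3"
}

# Usage: assign_app_role PRINCIPAL_ID RESOURCE_SP_ID [APP_ROLE_ID]
assign_app_role() {
  principal_id=$1
  resource_sp_id=$2
  app_role_id=${3:-$DEFAULT_ROLE_ID}
  for id in "$principal_id" "$resource_sp_id" "$app_role_id"; do
    if ! is_guid "$id"; then
      echo "not a GUID: $id" >&2
      return 2
    fi
  done
  az rest --method POST \
    --url "$GRAPH/servicePrincipals/$resource_sp_id/appRoleAssignedTo" \
    --headers "Content-Type=application/json" \
    --body "$(build_assignment_body "$principal_id" "$resource_sp_id" "$app_role_id")"
}

# When run as a script, pass the IDs as arguments.
if [ "$#" -ge 2 ]; then
  assign_app_role "$@"
fi
```

Granting the identity only the permission the assignment needs, rather than a broad directory role, keeps the pipeline's blast radius small if the service connection is ever misused.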