Jun 14 2021 06:28 AM - edited Jun 14 2021 06:54 AM
Hi,
We have a requirement to allow some Azure AD users (we call them app-admins) to invite (using B2B) new users into specific AD groups. The app-admin user's own group membership (+ some biz rules) will dictate which groups they can invite new users into.
Therefore we can't grant these users the required permission to (B2B) invite directly. Instead, we have a custom App Registration which exposes our own thin API, which makes calls to the Graph API in the context of the application (which has been granted permission to invite) rather than the user.
We require that consumers of our API may only call it within the context of a user, so we can make the necessary decisions about what to allow/block.
I have two questions I hope you can help with:
Thanks!
J
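An added example, not part of the original post: one way the thin API could reject app-only callers and map the caller's group membership to the groups they may invite into. It assumes the access token's signature, issuer, audience and expiry were already validated; the policy table, scope name, GUIDs and the `lookup_groups` callback are hypothetical.

```python
# Added illustration; `claims` is the decoded payload of an already-validated
# Azure AD access token. Policy, scope name and GUIDs are constructed samples.
G1 = "11111111-0000-0000-0000-000000000001"   # caller group (sample)
G2 = "11111111-0000-0000-0000-000000000002"   # caller group (sample)
TA = "aaaaaaaa-0000-0000-0000-00000000000a"   # target group (sample)
TB = "aaaaaaaa-0000-0000-0000-00000000000b"   # target group (sample)

# Hypothetical business rule: caller's group -> groups it may invite into.
INVITE_POLICY = {G1: {TA}, G2: {TA, TB}}
REQUIRED_SCOPE = "Invite.Create"  # hypothetical scope exposed by the thin API


class Denied(Exception):
    """Raised when the request must be refused."""


def is_user_token(claims):
    # App-only tokens carry `roles` and no `scp`; delegated tokens carry `scp`.
    if claims.get("idtyp") == "app":   # optional claim, present only if configured
        return False
    return bool(claims.get("scp"))


def caller_groups(claims, lookup_groups):
    if "groups" in claims:
        return set(claims["groups"])
    # Group overage: too many groups to embed, so the token only points at
    # Graph. Resolve membership server-side instead of treating it as "none".
    if "groups" in claims.get("_claim_names", {}):
        return set(lookup_groups(claims["oid"]))
    return set()


def authorize_invite(claims, target_group, lookup_groups=lambda oid: []):
    if not is_user_token(claims):
        raise Denied("app-only token: a user context is required")
    if REQUIRED_SCOPE not in claims["scp"].split():
        raise Denied("token lacks the invite scope")
    allowed = set()
    for group in caller_groups(claims, lookup_groups):
        allowed |= INVITE_POLICY.get(group, set())
    if target_group not in allowed:
        raise Denied("caller may not invite into this group")
    return claims["oid"]  # caller's object id, for the audit log
```

Only after `authorize_invite` returns would the API call Graph with its own application permission, so the decision never depends on input the caller controls beyond the validated token.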