Jan 21 2023 08:49 AM - edited Jan 21 2023 08:50 AM
Hi,
according to this comparison you can't use the groups from the underlying Azure AD tenant to manage access of customers to applications. Apparently you can't define app roles and then assign groups to applications and put customers into groups.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/supported-azure-ad-features
However, I was able to do this.
While it is obviously a workaround and I need to consider rate limits when my policy does Graph API calls via an Azure Function on sign-in, I think it should work out just fine for our scenario.
Does anything speak against doing this, or am I risking that this functionality gets removed as it's not intended to be possible? Role-based access via groups is the best thing about Azure AD and it should be a feature in Azure AD B2C anyway, if you ask me. Otherwise you're not able to handle lots of customer-facing applications with different customer segments by different business units.
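An added example, not the poster's code: one way a sign-in function could turn group membership into app roles using the Graph `transitiveMemberOf` and `appRoleAssignedTo` endpoints, retrying on HTTP 429 and refusing to issue roles if throttling persists. The `get` transport callable, the fake Graph stand-in and all IDs are constructed for illustration.

```python
import time

GRAPH = "https://graph.microsoft.com/v1.0"

class GraphThrottled(Exception):
    """Graph kept answering 429; the caller should deny rather than guess roles."""

def graph_get_all(get, url, sleep=time.sleep, max_tries=3):
    """Collect all pages of a Graph collection, honouring Retry-After on 429."""
    items = []
    while url:
        for _ in range(max_tries):
            status, headers, body = get(url)
            if status != 429:
                break
            # Assumption: Retry-After is given in seconds.
            sleep(int(headers.get("Retry-After", "1")))
        else:
            raise GraphThrottled(url)
        if status != 200:
            raise RuntimeError(f"Graph returned {status} for {url}")
        items += body.get("value", [])
        url = body.get("@odata.nextLink")
    return items

def resolve_app_roles(get, user_id, sp_id, sleep=time.sleep):
    """Return the appRoleIds a user holds on one app, directly or via groups."""
    member_of = graph_get_all(get, f"{GRAPH}/users/{user_id}/transitiveMemberOf", sleep)
    groups = {obj["id"] for obj in member_of}
    roles = set()
    for a in graph_get_all(get, f"{GRAPH}/servicePrincipals/{sp_id}/appRoleAssignedTo", sleep):
        direct = a["principalType"] == "User" and a["principalId"] == user_id
        via_group = a["principalType"] == "Group" and a["principalId"] in groups
        if direct or via_group:
            roles.add(a["appRoleId"])
    return sorted(roles)

def make_fake_graph(throttle_first=1):
    """Constructed stand-in for Graph: throttles the first N calls, pages one list."""
    state = {"throttled": 0, "calls": []}
    assigned = [("Group", "g-gold", "role-reports"), ("Group", "g-other", "role-admin"),
                ("User", "u1", "role-beta")]
    pages = {
        f"{GRAPH}/users/u1/transitiveMemberOf":
            {"value": [{"id": "g-gold"}], "@odata.nextLink": f"{GRAPH}/page2"},
        f"{GRAPH}/page2": {"value": [{"id": "g-eu"}]},
        f"{GRAPH}/servicePrincipals/sp1/appRoleAssignedTo": {"value": [
            {"principalType": t, "principalId": p, "appRoleId": r} for t, p, r in assigned]},
    }
    def get(url):
        state["calls"].append(url)
        if state["throttled"] < throttle_first:
            state["throttled"] += 1
            return 429, {"Retry-After": "2"}, {}
        return 200, {}, pages[url]
    return get, state
```

In a real function the `get` callable would wrap an authenticated HTTP client, and a `GraphThrottled` error should end the sign-in without role claims instead of falling back to a default.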
Feb 02 2023 01:40 PM