Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community
LIVE

Azure AD Authentication (WAC) - unable to assign role other than Default Access

Copper Contributor

When you turn on Azure authentication and add a user, the documentation states that you should be able to assign them a role;


Configuring user access control and permissions | Microsoft Docs

"In the Users and groups tab, select Add user. You must assign a gateway user or gateway administrator role for each user/group added."

Unfortunately role assignment is not possible as the only role available is "Default Access". The roles "Gateway User" and "Gateway Admin" or any other role for that matter are not there. This results in inability to access WAC using Azure AD authentication as it results in this message:

 

"You are not authorized to access this site. Please contact your administrator."

 

How can Gateway User or Admin roles be assigned when you assign the application to users through Azure - currently they are missing - is this a bug or am I missing a step? Thank you in advance. 

 

 

1 Reply

Just to close the loop - it was an issue with the app Azure registration and permissions (read, user error :)) - the api permissions and consent were not what they needed to be. 

 

Once I unregistered and re-registered the application and acknowledged and gave consent for the appropriate permissions, the gateway user and gateway admin roles became available for assignment as advertised.