Adding privilege for provisioning of an Enterprise Application

dbpascal · ‎May 03 2022

Hello,

To avoid the support task at our service desk, I would like to delegate the provisioning of one Enterprise Application which is used for SSO. Therefore I'm looking for the best practices for adding very limited privilege to one Azure AD user so that he can manage the group (add/remove users) for the provisioning.

I will appreciate your recommandations.

Thank you

Pascal

Vasil Michev · ‎May 03 2022

Application/service principal management is one of the few areas where custom RBAC roles are supported in Azure AD, so you should be able to leverage those; https://docs.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-apps

dbpascal · ‎May 09 2022

Hello Vasil,
Thanks to your information, I have created a custom role, assign it to a user and configure the access to a specific enterprise app
Unfortunately I observe that the user have access to other features as creating groups. I don't want that. My goal is to give a clear and limited access to a user (ideally I give him a link and he is directly in the context) so that he can just manage adding/removing users for provisining that app.
I will continue to search for a solution and appreciate your recommandations.
Thank you very much
Pascal

Adding privilege for provisioning of an Enterprise Application

Adding privilege for provisioning of an Enterprise Application

Re: Adding privilege for provisioning of an Enterprise Application

Re: Adding privilege for provisioning of an Enterprise Application

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Adding privilege for provisioning of an Enterprise Application