Entra Enterprise Applications Users and Groups - adding roles

Question

When adding a role to a user or group in the Enterprise Application the role is not saved, the user or group is saved but clicking edit assignment for the user or group shows "none selected" under roles. Selecting a role and then saving produces an error "Application assignment failed" and the role is not saved.

Answer 1

Hi Phil White,

That is error could be because of to several reasons, you can start with the below checks:

-User/Group Permissions: The user or group you’re trying to assign the role to might not have the necessary permissions. Make sure the user or group has the correct permissions to be assigned the role.

-Role Configuration: The role you’re trying to assign might not be configured correctly. Check the configuration of the role and make sure it’s set up to be assignable.

Security Group Settings: If you’re adding the user in a “Security Group”, ensure that the “isAssignableToRole” property is set to false (No). This is currently a limitation in “Microsoft Entra ID” Connector.

References:

• https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal
• https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-enterprise-apps
• https://learn.microsoft.com/en-us/entra/identity-platform/howto-add-app-roles-in-apps
• https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal
• https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-enterprise-apps
• https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-use-app-roles-customers

If the information helped address your question, please Accept the answer.

Luis

Answer 2

My issue ended up being with the Enterprise Application

Answer 3

Hi @Phil White,

I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept " the answer.

Issue:

When attempting to assign a role to a user or group within the Enterprise Application, the role itself is not saved. However, the user or group is successfully saved. Upon clicking ‘Edit Assignment’ for the user or group, the roles section displays ‘none selected.’ If a role is then chosen and saved, an error occurs with the message ‘Application assignment failed,’ and the role remains unassigned.

Solution:

You were able to resolve your issue by adjusting the enterprise application configuration.

---

If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.