Hi Phil White,
That is error could be because of to several reasons, you can start with the below checks:
-User/Group Permissions: The user or group you’re trying to assign the role to might not have the necessary permissions. Make sure the user or group has the correct permissions to be assigned the role.
-Role Configuration: The role you’re trying to assign might not be configured correctly. Check the configuration of the role and make sure it’s set up to be assignable.
Security Group Settings: If you’re adding the user in a “Security Group”, ensure that the “isAssignableToRole” property is set to false (No). This is currently a limitation in “Microsoft Entra ID” Connector.
References:
- https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal
- https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-enterprise-apps
- https://learn.microsoft.com/en-us/entra/identity-platform/howto-add-app-roles-in-apps
- https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal
- https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-enterprise-apps
- https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-use-app-roles-customers
If the information helped address your question, please Accept the answer.
Luis