question

rschiefer avatar image
0 Votes"
rschiefer asked SF-5052 published

Enterprise Application Add Assignment - Disabled Roles

Why are some of the roles disabled on the Enterprise Applications Add Assignment wizard?

All the roles were previously enabled.

I am currently using these "disabled" roles on login for users who were already assigned the roles but I can't assign the disabled roles to new users.

This is for SSO to AWS.

adfsazure-ad-user-provisioningazure-ad-identity-governance
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

soumi-MSFT avatar image
0 Votes"
soumi-MSFT answered SF-5052 published

@rschiefer, Thank you for reaching out. Can you check the app manifest for the AWS application under the Application Registration portal and check for the role name under the appRoles array. Look for the appRoles and check if the isEnabled key for each of those are set to true or false. If they are showing as disabled mostly they might have got disabled from app manifest somehow.

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I only have one entry in appRoles:

 {
             "allowedMemberTypes": [
                 "User"
             ],
             "description": "msiam_access",
             "displayName": "msiam_access",
             "id": "[redacted]",
             "isEnabled": true,
             "lang": null,
             "origin": "Application",
             "value": null
         }

I've always had three different roles for users to choose from when they login. Only one out of the three is now enabled. Do I need to change my appRoles?

0 Votes 0 ·

@rschiefer, Thank you for sharing the update. The app roles that you mentioned are greyed out in the portal, they must be present in the app-manifest and also its isEnabled key should be set to true.

In your case, it would be great if we can have a dig in a little further so that we can check on the details. It would be great if you can share the following details to azcommunity[at]microsoft[dot]com:

  • Tenant ID/Tenant Name:

  • Subscription ID:

  • Application Name/Application ID:


Note: Make sure you share the URL of this post, so that once we have the email its easier for us to identify and help you further.

0 Votes 0 ·

@soumi-MSFT I am having the same issue.

89090-image.png


0 Votes 0 ·
image.png (7.2 KiB)