Assign administrator and non-administrator roles to users with Azure Active Directory

If a user in your organization needs permission to manage Azure Active Directory (Azure AD) resources, you must assign the user an appropriate role in Azure AD, based on the actions the user needs permission to perform.

For more information about the available roles, see Assigning administrator roles in Azure Active Directory. For more information about adding users, see Add new users to Azure Active Directory.

Assign roles

A common way to assign Azure AD roles to a user is on the Directory role page for a user.

You can also assign roles using Privileged Identity Management (PIM). For more detailed information about how to use PIM, see Privileged Identity Management.

To assign a role to a user

  1. Sign in to the Azure portal using a Global administrator account for the directory.

  2. Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment. For example, Alain Charon.

    All users page - select the user

  3. On the Alain Charon - Profile page, select Assigned roles.

    The Alain Charon - Directory role page appears.

  4. Select Add assignment, select the role to assign to Alain (for example, Application administrator), and then choose Select.

    Assigned roles page - showing the selected role

    The Application administrator role is assigned to Alain Charon and it appears on the Alain Charon - Directory role page.

Remove a role assignment

If you need to remove the role assignment from a user, you can also do that from the Alain Charon - Directory role page.

To remove a role assignment from a user

  1. Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment removed. For example, Alain Charon.

  2. Select Assigned roles, select Application administrator, and then select Remove assignment.

    Assigned roles page, showing the selected role and the remove option

    The Application administrator role is removed from Alain Charon and it no longer appears on the Alain Charon - Directory role page.

Next steps

Or you can perform other user management tasks, such as assigning delegates, using policies, and sharing user accounts. For more information about other available actions, see Azure Active Directory user management documentation.