Assign administrator and non-administrator roles to users with Azure Active Directory
In Azure Active Directory (Azure AD), if one of your users needs permission to manage Azure AD resources, you must assign them to a role that provides the permissions they need. For info on which roles manage Azure resources and which roles manage Azure AD resources, see Classic subscription administrator roles, Azure roles, and Azure AD roles.
For more information about the available Azure AD roles, see Assigning administrator roles in Azure Active Directory. To add users, see Add new users to Azure Active Directory.
A common way to assign Azure AD roles to a user is on the Assigned roles page for a user. You can also configure the user eligibility to be elevated just-in-time into a role using Privileged Identity Management (PIM). For more information about how to use PIM, see Privileged Identity Management.
If you have an Azure AD Premium P2 license plan and already use PIM, all role management tasks are performed in the Privileged Identity Management experience. This feature is currently limited to assigning only one role at a time. You can't currently select multiple roles and assign them to a user all at once.
Assign a role to a user
Go to the Azure portal and sign in using a Global administrator account for the directory.
Search for and select Azure Active Directory.
Search for and select the user getting the role assignment. For example, Alain Charon.
On the Alain Charon - Profile page, select Assigned roles.
The Alain Charon - Administrative roles page appears.
Select Add assignments, select the role to assign to Alain (for example, Application administrator), and then choose Select.
The Application administrator role is assigned to Alain Charon and it appears on the Alain Charon - Administrative roles page.
Remove a role assignment
If you need to remove the role assignment from a user, you can also do that from the Alain Charon - Administrative roles page.
To remove a role assignment from a user
Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment removed. For example, Alain Charon.
Select Assigned roles, select Application administrator, and then select Remove assignment.
The Application administrator role is removed from Alain Charon and it no longer appears on the Alain Charon - Administrative roles page.
Other user management tasks you can check out are available in Azure Active Directory user management documentation.
Submit and view feedback for