How to Add App Roles

This guide provides step-by-step instructions for Azure application owners to add app roles using Resource Admin. Adding app roles enables fine-grained access control and enhances your application's access management capabilities.

Prerequisites

  • Access to the Resource Admin portal.
  • Permission to manage the relevant Azure application.

Steps to Add App Roles

1. Log in to Resource Admin

  1. Open the Resource Admin portal.
  2. Enter your credentials and log in.

2. Navigate to Applications

  1. From the Resource Type menu, select Applications.
  2. Search for the Azure application you want to manage.
  3. Click the Friendly Name link for the application to access its Overview page.

3. Create a New App Role

  1. On the Overview page, click App Roles.
  2. Expand the Actions accordion and click Create Azure Application Role.
  3. The Create Azure Application Scope form will open.

4. Fill in App Role Details

  1. Complete the form with the following fields:
    • Name: Provide a name for the app role (e.g., Report Writer).
    • Allowed Member Types: Specify whether the role can be assigned to:
      • Users/Groups
      • Applications
      • Both (Users/Groups + Applications)
    • Value: Define the value of the roles claim (e.g., Report.Create).
    • Description: Provide a description for the app role (e.g., "Writers can create reports").
    • Application Role Requestable in IAM Shop: Indicate if users can request the role in the IAM Shop.
    • Select a Location: Choose a location for the app role in EmpowerID. If a default location is pre-selected, you can change it by clicking the link and selecting a new location from the Location Tree.

5. Review and Complete

  1. Click Next to review the details.
  2. Confirm the information and click Submit to create the app role.

Note: Ensure all role configurations align with your application's access management requirements. For further assistance, contact your system administrator or consult the Resource Admin documentation.
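
Once the role is created and assigned, its Value (Report.Create in the example above) reaches the application in the token's roles claim, and the application has to enforce it. The following added example, which is not part of the Resource Admin documentation, shows a deny-by-default check on that claim. It assumes the token's signature, issuer, audience and expiry were already validated by a JWT library; the POLICY table, the operation names and the Report.Read value are hypothetical.

```python
from typing import Mapping


class Forbidden(Exception):
    """Caller's token carries none of the app roles the operation requires."""


def granted_roles(claims: Mapping) -> frozenset:
    """App role values from the "roles" claim; empty if absent or malformed."""
    raw = claims.get("roles")
    if isinstance(raw, str):  # defensive: some JWT stacks collapse 1-item arrays
        raw = [raw]
    if not isinstance(raw, (list, tuple)):
        return frozenset()  # a missing claim means no roles, never "all roles"
    return frozenset(r for r in raw if isinstance(r, str))


# Hypothetical operation-to-role policy. Report.Create is the page's example
# Value; Report.Read is constructed for illustration.
POLICY = {
    "create_report": {"Report.Create"},
    "view_report": {"Report.Create", "Report.Read"},
}


def authorize(claims: Mapping, operation: str) -> str:
    """Return the role that permits `operation`, or raise Forbidden."""
    allowed = POLICY.get(operation, set())     # unknown operation: deny
    matched = granted_roles(claims) & allowed  # exact, case-sensitive match
    if not matched:
        raise Forbidden(f"{operation} requires one of {sorted(allowed)}")
    return sorted(matched)[0]


# Constructed sample payloads (already-validated claims, not real tokens).
WRITER = {"sub": "user-1", "roles": ["Report.Create"]}
NO_ROLES = {"sub": "user-2"}
WRONG_CASE = {"sub": "user-3", "roles": ["report.create"]}

if __name__ == "__main__":
    print(authorize(WRITER, "create_report"))
    for claims in (NO_ROLES, WRONG_CASE):
        try:
            authorize(claims, "create_report")
        except Forbidden as exc:
            print("denied:", exc)
```

The comparison is against the role's Value, not its Name, so renaming "Report Writer" in the portal does not affect the check, while changing the Value does.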