1
votes

I created some AD users in the Azure Management Portal, too, and would like to assign some roles to these users. My user has the role "Global Administrator". There are only roles available that do not fit my business requirements. So I would like to know whether there is already a solution for adding new roles, because the Graph API or Azure AD PowerShell seems not to support this feature.

Thanks for the support

2 Answers

1
votes

Azure AD doesn't yet allow creating custom "app roles". You can however create security groups and add users to those groups. The application that needs to check for these roles for authorization can check for the signed in user's group membership (transitively using this graph API: http://msdn.microsoft.com/en-us/library/azure/dn424889.aspx) for the group that represents the role(s).

App roles is on our radar - however you shouldn't block on it.

Hope this helps.

1
votes

Now this is supported, and in your app you can use:

[Authorize(Roles = "Admin, Observer, Writer, Approver")]

In this example from Microsoft you can see how to do it: https://github.com/AzureADSamples/WebApp-RoleClaims-DotNet

You can read more about this feature at http://blogs.msdn.com/b/aadgraphteam/archive/2014/12/12/announcing-the-new-version-of-graph-api-api-version-1-5.aspx
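
The role check from the answer above, as an added example that is not part of the original answer or the linked Microsoft sample: it shows that a comma-separated `Roles` list is an any-of check and that a role is only seen when the identity's role claim type matches the type the claims arrive under. The claim type `"roles"`, the helper names, the user name and the `Reader` role are assumptions constructed for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class RoleClaimsDemo
{
    // Any-of semantics, as with [Authorize(Roles = "...")]: the list is split on
    // commas, trimmed, and the user passes if they hold at least one listed role.
    static bool IsAuthorized(ClaimsPrincipal user, string roles) =>
        roles.Split(',')
             .Select(r => r.Trim())
             .Where(r => r.Length > 0)
             .Any(user.IsInRole);

    // Builds a principal from constructed claims. Every app role is emitted as a
    // claim of type "roles" (assumption); roleClaimType tells ClaimsIdentity which
    // claim type IsInRole() inspects.
    static ClaimsPrincipal Principal(string roleClaimType, params string[] appRoles)
    {
        var claims = appRoles.Select(r => new Claim("roles", r)).ToList();
        claims.Add(new Claim("name", "alice@contoso.example")); // constructed user
        var identity = new ClaimsIdentity(claims, "Bearer", "name", roleClaimType);
        return new ClaimsPrincipal(identity);
    }

    static void Main()
    {
        const string required = "Admin, Observer, Writer, Approver";

        // Case 1: user holds one of the listed roles and the identity reads "roles".
        Console.WriteLine("approver, mapped:   " +
            IsAuthorized(Principal("roles", "Approver"), required));

        // Case 2: same claims, but the identity looks for ClaimTypes.Role instead,
        // so IsInRole() never inspects the "roles" claims.
        Console.WriteLine("approver, unmapped: " +
            IsAuthorized(Principal(ClaimTypes.Role, "Approver"), required));

        // Case 3: user holds a role that is not in the required list.
        Console.WriteLine("reader, mapped:     " +
            IsAuthorized(Principal("roles", "Reader"), required));

        // Case 4: user has no app role assigned at all.
        Console.WriteLine("no role, mapped:    " +
            IsAuthorized(Principal("roles"), required));
    }
}
```

To require several roles at once rather than any one of them, stack separate `[Authorize(Roles = "...")]` attributes instead of listing the roles in one string.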