Azure Active Directory Roles

0
votes

I'm trying to figure out how do Azure AD roles work.

I signed into the old portal (manage.windowsazure.com) because the Active Directory is not yet moved to the new portal (portal.azure.com). Then I added a user with the role "User", another user with the role "Billing Admin" and another one with "Global Admin".

In the new portal, I can assign roles to manage the resources both users have access to. However, if I try to log in the Azure AD with either of those accounts, I get a "No subscriptions found" message. I don't understand why, because according to this Microsoft's article, at least the Global Admin and Billing Admin should have access.

So, how could I have roles so that people in the finances team can only access finances-related information?

1
azureactive-directoryidentityazure-active-directory

1 Answers

0
votes

The way I understand this is that roles in Azure AD (User Admin, Billing Admin etc.) are only applicable to Azure AD only. They have nothing to do with subscription roles (the roles you set in Azure portal like Owner, Contributor, Reader).

What you have to do is once you have created these users in Azure AD in the old portal, go back to Azure Portal and assign subscription roles to these users according to your requirement. Once these folks have a subscription role assigned to them, they should be able to access Azure Portal. You may find this link useful for assigning subscription roles: https://azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/.