
I have an Azure application that authenticates users with multi-tenancy.

I have added some appRoles in the manifest file of the application. I have added the users and assigned them these appRoles.

I am able to get the roles for the normal user (user of the tenant where the application is created) in my application. But for the guest users, I am not able to get their assigned appRoles.

How can I achieve this?

Also, if I have multi-tenancy on and I want to assign appRoles to the user of another tenant, how can I do that, as I am not able to see the user of added tenants in the Custom Domains?

NOTE: I get the token for the guest users if I disable multi-tenancy, but then I will have to add all the users of other tenants as guests which I want to avoid if possible.

The roles should be in the token, right? Are you not getting them? (juunas)

Yes, the roles are in the token and I am getting them for normal users, but not for the guest users. For guest users, roles are undefined. (Foramkumar Parekh)

1 Answer


For the roles to show up for the guests, they have to sign in against your tenant, not the common endpoint. If you use the common endpoint, they'll log in with their home tenant.

You can't assign roles for users in another tenant, only their admin can do that. You can only assign roles for users in your tenant (guest or otherwise). In a multi-tenant app, the other tenant's admin is responsible for role assignments.
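
A diagnostic sketch of the point made in the answer, added here as an example and not part of the original answer: it reads the `tid` and `roles` claims of a token and reports whether the token was issued by the app's own tenant or by the user's home tenant. The tenant IDs, the role name `Reader`, the unsigned sample tokens and the helper names (`authorityFor`, `makeSampleToken`, `decodePayload`, `diagnoseRoles`) are all constructed for illustration.

```javascript
// Added example. Tenant IDs, role name and tokens are constructed placeholders.
const APP_TENANT_ID = '11111111-1111-1111-1111-111111111111'; // tenant owning the app registration
const GUEST_HOME_TENANT_ID = '22222222-2222-2222-2222-222222222222'; // guest's home tenant

// Tenant-specific authority: guests sign in here instead of /common.
const authorityFor = (tenantId) => `https://login.microsoftonline.com/${tenantId}`;

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Builds an UNSIGNED sample token for this demo only (hypothetical helper).
const makeSampleToken = (claims) => `${b64url({ alg: 'none', typ: 'JWT' })}.${b64url(claims)}.sig`;

// Decodes the payload without verifying the signature. Diagnostics only:
// real authorization must use a token validated by your auth library.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Explains why the roles claim is (or is not) present in a token.
function diagnoseRoles(jwt, appTenantId = APP_TENANT_ID) {
  const { tid, roles } = decodePayload(jwt);
  const list = Array.isArray(roles) ? roles : [];
  if (tid !== appTenantId) {
    return { status: 'issued-by-other-tenant', roles: list,
      hint: `Token came from tenant ${tid}; assignments made in ${appTenantId} ` +
            `only appear after sign-in via ${authorityFor(appTenantId)}` };
  }
  if (list.length === 0) {
    return { status: 'no-assignment', roles: list,
      hint: 'Signed in against the app tenant, but no appRole is assigned to this user' };
  }
  return { status: 'roles-present', roles: list, hint: 'OK' };
}

// Same guest, two sign-in paths: via /common (home tenant) and via the app tenant.
const viaCommon = makeSampleToken({ tid: GUEST_HOME_TENANT_ID, name: 'guest' });
const viaTenant = makeSampleToken({ tid: APP_TENANT_ID, name: 'guest', roles: ['Reader'] });
console.log(diagnoseRoles(viaCommon));
console.log(diagnoseRoles(viaTenant));
```
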