Let's say I have a Web API that I have developed, and the Web API is already protected by Azure AD using app registrations.

Now the Web API has some roles like Admin, User and Manager.

I want to store these roles in Azure AD too and get an access token for Azure so that the role is present in the JWT claims of the access token.

Any pointers on whether this is possible at all?

1 Answer

You could add an appRole into your Azure AD app and assign users and groups to roles.

Then the users in the group will have the claim like below:

{
  "roles": ["{the role you customized}"]
}

After that, the role will be included in the access token. And you can implement your authorization logic based on the roles of the user.
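The two halves of the answer, defining the appRoles in the app manifest and then authorizing on the `roles` claim, as an added Python example that is not the answerer's code. The manifest entries, role names, GUIDs and sample tokens are constructed placeholders, and the example assumes the API's JWT middleware has already validated the token's signature, issuer, audience and expiry; it only shows how to read the claim and decide access once that has happened. It also handles the two cases the answer leaves implicit: a token with no `roles` claim at all (the user was assigned no role) and a token carrying a role value that is no longer defined or enabled in the manifest.

```python
import base64
import json

# Constructed example of the "appRoles" array in an Azure AD app manifest.
# Ids and descriptions are placeholders, not values from any real tenant.
# The "value" field is what appears in the token's "roles" claim.
APP_ROLES_MANIFEST = [
    {
        "allowedMemberTypes": ["User"],
        "description": "Full access to the API",
        "displayName": "Admin",
        "id": "00000000-0000-0000-0000-000000000001",  # placeholder GUID
        "isEnabled": True,
        "value": "Admin",
    },
    {
        "allowedMemberTypes": ["User"],
        "description": "Standard access",
        "displayName": "User",
        "id": "00000000-0000-0000-0000-000000000002",  # placeholder GUID
        "isEnabled": True,
        "value": "User",
    },
    {
        "allowedMemberTypes": ["User"],
        "description": "Management access",
        "displayName": "Manager",
        "id": "00000000-0000-0000-0000-000000000003",  # placeholder GUID
        "isEnabled": True,
        "value": "Manager",
    },
]


def enabled_role_values(manifest=APP_ROLES_MANIFEST):
    """Role values the API recognises: the 'value' of every enabled appRole."""
    return {role["value"] for role in manifest if role.get("isEnabled")}


def _b64url_decode(segment):
    """Decode a base64url segment, restoring the padding JWTs strip off."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token):
    """Return the payload claims of a compact JWT (header.payload.signature).

    This does NOT verify the signature. The example assumes the API's JWT
    middleware has already validated signature, issuer, audience and expiry
    before the claims reach this authorization step.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def token_roles(claims):
    """Roles the caller actually holds.

    The 'roles' claim is absent when the user has no app role assignment, so
    treat a missing claim as no roles. Values not defined (or disabled) in the
    manifest are ignored so a stale role in a token grants nothing.
    """
    roles = claims.get("roles", [])
    if isinstance(roles, str):  # tolerate a single string instead of a list
        roles = [roles]
    return {r for r in roles if r in enabled_role_values()}


def is_authorized(claims, required_role):
    """True if the caller holds required_role as defined in the manifest."""
    if required_role not in enabled_role_values():
        # A typo in the required role must fail closed, never open.
        raise ValueError(f"unknown app role: {required_role}")
    return required_role in token_roles(claims)


def make_sample_token(claims):
    """Build a constructed, unverifiable sample JWT for local testing only."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = {"alg": "RS256", "typ": "JWT"}
    return f"{enc(header)}.{enc(claims)}.placeholder-signature"


if __name__ == "__main__":
    admin = decode_claims(make_sample_token({"aud": "api://placeholder", "roles": ["Admin"]}))
    nobody = decode_claims(make_sample_token({"aud": "api://placeholder"}))
    print("admin -> Admin:", is_authorized(admin, "Admin"))      # True
    print("admin -> Manager:", is_authorized(admin, "Manager"))  # False
    print("no roles claim:", token_roles(nobody))                # set()
```

In a real API the `decode_claims` step is replaced by whatever the framework's JWT bearer middleware hands you after validation; the point of `token_roles` and `is_authorized` is that the only roles that count are those present in the token and still defined in the manifest, and that a missing `roles` claim is simply "no roles".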