Denmark +45 7944 7000
Europe +45 7944 7000
North America +1 (202)-536-4165
Denmark +45 7944 7002
North America +1 (202)-536-4165
Start a conversation

Azure App Configuration For RBAC


Role Based Access Control is a function in Resource Central (RC) that allows Azure users to log in the Resource Central without the need to create Persons in the system.


This requires specific configuration in the Azure app in order to allow Azure users log in and get Roles in RC based on their setup in the Azure app.

This setup requires you to configure External Authentication in RC backend ➔ Authentication beforehand. Refer to RC Admin Guide for more details.

Azure App Configuration for RBAC

Go to Azure Portal  Azure Active Directory  App registrations, and open the Azure app that you created for external authentication to Resource Central. Then configure the followings:

API Permissions Configuration

On your Azure app, go to API permissions ➔ click [Add a permission] to open the following screen:

Select Microsoft Graph...

... Then select Delegated permissions.

Next, search and add the following permissions:

  • email
  • openid
  • profile
  • User.Read

Then [Grant admin consent] to the added permissions. The result should look similar as follows:

App Roles Configuration

On your Azure app, go to App roles. Here you can create app roles that match with their respective roles in Resource Central.

To be able to do the initial configuration of RBAC in Resource Central an App Role called SysAdmin must be created.

The following section will describe how to create an app role in detail.

To create a new app role, click [Create app role] to open the following screen:

Here, fill in the following fields:

1. Display name: enter a role name which will be displayed on Azure.

2. Allowed member types: select Users/Groups.

3. Value: fill in this field with the Name of the respective Role in Resource Central. E.g.:

4. Description: enter a description of the role.

5. Do you want to enable this app role: make sure that it is checked.

Click [Apply] to create the role. Repeat the same steps to create other app roles. The result should look similar as follows:

Assign App Roles to Azure users

Go to Azure Portal  Azure Active Directory  Enterprise applications, then go to All applications:

Here, search for the Azure app that you have configured app roles, open it, and go to Users and groups:

Click [Add user/group] to open Add Assignment where you can add users to the app and give them app roles:

If no user nor role selected, the screen will show ’None Selected’. First, click on the text at Users to search and add Azure users:

Next, select a role for the selected users above:

NOTE: You can only assign one role for a group of users at a time.

When you have assigned users and a role, click [Assign] on ’Add Assignment’ screen. You will see the users added with the app role on ’Users and groups,’ e.g.:

Repeat the same method to add other users with different app roles.

The Azure app configuration for RBAC is now finished.

If you want to edit the users’ app role, select the users and click [Edit assignment], which will open the Add Assignment screen as described above.


Applies toRC 4.3+

Reference: TFS #339238

Knowledge base ID: 0325

Last updated: Jun 13, 2023

Choose files or drag and drop files