Entra App Registration: A deep dive into configuration part 4 

BlueScreen Brothers
Views: 1.2K

This time Marius and Olav are looking into the confusing side of roles and permissions on app registrations.
Keywords are: Roles and administrators, App roles, Group claims with security groups and directory roles, Owners
00:00 Intro
00:55 The confusion!
01:34 Roles and administrators
02:22 PIM assigning roles like "Cloud application administrator"
05:00 Owners
06:44 API permissions
07:05 Privileged role permissions
07:35 App role assignment
09:40 App roles
10:20 Creating and using App roles
12:20 Microsoft Graph explorer
14:20 ID token
15:30 Understanding the token
18:20 Manifest
25:15 Token configuration
25:28 Add optional claims, Directory roles and groups
29:40 Groups assigned to the application
30:37 Applications connected with a Group

Science

Published: 4 Jul 2024

Comments: 4
@tech_excellence 2 months ago
nice episode!
@tsmith77772 5 months ago
Great deep dive on this, appreciate you posting. I will admit this episode lost me a bit. You covered how to add app roles, and how to identify them in a token, but I still have no idea how they work. How do app roles actually give you extra permissions to the app? What does it key off of? Is there a list of app roles that are pre-built that we can see? You seemed to type random names for the app roles, but I didn't see any drop down to actually choose an app role that would grant you extra permissions, so I really don't understand that feature. From this demo, I didn't see any benefit to app roles at all other than administrative grouping. Perhaps another video to better explain it? Thanks!
@bluescreenbrothers 5 months ago
Thanks for the good feedback, will look into making an episode highlighting your questions
@szotsmiklos8549 6 months ago
Could you guys demo service to service use cases (like microservices)? Basically no users, only application to application calls. Also would be curious how to auto provision roles for client apps without the manual admin approval step.