1. Go to Azure Active Directory > App Registrations
For step 5, some tips/rules to follow:
- The displayName and value must each be a single word; no spaces are allowed. I learned this the hard way.
- The id can be generated using an online GUID generator.
- Also, to support multiple group assignments, groupMembershipClaims in the manifest must be set to "All"; the default value is null. See below:
Once this is updated, the new Role will be visible in the user/group assignment.
7. Go to Azure Active Directory > Enterprise App > Your App > Users and Groups > Add User
The user/group list will be displayed accordingly.
Roles set up this way are meant for this particular application only. As for using roles from an Azure AD security group, I haven't checked that out.
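
The step 5 rules can be checked against the manifest JSON before it is saved. The script below is an added example, not part of the original post: the sample manifest, role names and GUIDs are constructed, and `check_manifest` and `new_role_id` are hypothetical helper names. It also generates the role id locally with Python's `uuid` module rather than an online generator, and additionally flags duplicate ids.

```python
import json
import uuid

# Constructed sample manifest fragment (role names and GUIDs are made up).
SAMPLE_MANIFEST = json.loads("""
{
  "groupMembershipClaims": null,
  "appRoles": [
    {"allowedMemberTypes": ["User"], "displayName": "Reader", "isEnabled": true,
     "id": "0b1f3c2e-5d4a-4e6b-9a7c-1f2e3d4c5b6a", "value": "Reader"},
    {"allowedMemberTypes": ["User"], "displayName": "Order Approver", "isEnabled": true,
     "id": "not-a-guid", "value": "Order Approver"}
  ]
}
""")


def new_role_id():
    """Generate a random (version 4) GUID locally for a new appRoles entry."""
    return str(uuid.uuid4())


def check_manifest(manifest):
    """Return a list of findings for the step 5 rules; an empty list means OK."""
    findings = []
    # Manifest property name as used by Azure AD: groupMembershipClaims.
    if manifest.get("groupMembershipClaims") != "All":
        findings.append('groupMembershipClaims is not "All"')
    seen_ids = set()
    for role in manifest.get("appRoles", []):
        name = role.get("displayName") or ""
        for field in ("displayName", "value"):
            text = role.get(field) or ""
            if not text or any(ch.isspace() for ch in text):
                findings.append(f"{name!r}: {field} is empty or contains whitespace")
        try:
            role_id = str(uuid.UUID(str(role.get("id") or "")))
        except ValueError:
            findings.append(f"{name!r}: id is not a valid GUID")
            continue
        if role_id in seen_ids:
            findings.append(f"{name!r}: id {role_id} is already used by another role")
        seen_ids.add(role_id)
    return findings


if __name__ == "__main__":
    for finding in check_manifest(SAMPLE_MANIFEST):
        print("FINDING:", finding)
    print("fresh id for a new role:", new_role_id())
```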