Add a user or group to a Microsoft Entra ID app

These steps explain how to add an existing user or group to a Microsoft Entra ID app and then assign a role to that user or group.

Add an existing user or group

1. Go to Microsoft Entra ID.
2. Select Microsoft Entra ID.
3. In the left panel, select Enterprise applications.
4. Select your application.
5. In the left panel, select Users and groups.
6. At the top of the center panel, select the + Add user/group tab.
7. Under Users and groups, select None Selected. The Users and groups panel appears.
8. In the Users and groups panel, select the user or group you want to add, then select Select.
9. Confirm that each user you will be assigning to this Microsoft Entra ID app has a correct and valid email address in the Contact info section of their profile.

If the email property of the Microsoft Entra ID user is left blank, then the OIDC login attempt will not be able to link the Microsoft Entra ID user to the provisioned counterpart user in aiWARE.

Assigning roles to be provisioned

The following steps are optional. If you are mapping Microsoft Entra ID users roles to aiWARE user roles, follow these instructions to ensure that the Microsoft Entra ID roles are assigned to the aiWARE user.

Apply roles to an Entra ID user

1. In the main panel, under Select a role *, select None selected. The Select a role panel appears.
2. In the Select a role panel, select the role you created in Create a Microsoft Entra ID app role, then hit the Select button.
3. At the bottom of the center panel, select Assign. In the upper right corner, an "Application assignment succeeded" message appears.

Create role mapping

In order for the assigned Microsoft Entra ID roles to be provisioned with the user, the following additional steps are necessary.

1. Navigate to the desired Enterprise application and select Provisioning.
2. If not already selected, select Overview in the lefthand menu.
3. Select Edit provisioning from the top menu. 
4. Open the Mapping tab.
5. Select Provision Microsoft Entra ID Users.
6. Tick the Show advanced options checkbox.
7. Select the Edit attribute list for customappsso link.
8. In the table customappsso User Attributes, add a new row with the following:
   1. Name: roles
   2. Type: String
   3. Primary Key: false
   4. Required: false
   5. Multi-Value: true
9. In the upper left, click the Save button.
10. Below the table items, find and click the Add new mapping link. The Edit Attribute screen appears.
11. In the Edit Attribute screen, create the following mapping:
    1. Mapping type: Expression
    2. Expression: AppRoleAssignmentsComplex([appRoleAssignments])
    3. Target attribute: roles
12. Click the OK button. The Attribute Mapping screen will appear. Find and click the Save button.

Next steps

• Provision a user with Microsoft Entra ID via SCIM endpoints (optional)
• Provision on demand in Microsoft Entra ID (optional)
• Set up Microsoft Graph in a Microsoft Entra ID app

• Full list of steps: Microsoft Entra ID integration with Veritone apps.

• Administer aiWARE
• Identity and access management (IAM)
• Microsoft Entra ID integration
• Add a user or group to a Microsoft Entra ID app