Assigning roles to enterprise applications in Azure B2C

In this post we detail how to assign roles to enterprise applications in Azure B2C, issues with assigning via PowerShell and troubleshooting.

The issue

So this is just a super quick post to document an issue that stumped me recently. I had been asked to assign the Helpdesk Administrator role to a custom enterprise app in an Azure B2C environment. The steps I had been given to follow were from this blog post and got me most of the way there.

I had issues with using MSOL initially but managed to get around that. However, every time I ran the Add-MsolRoleMember cmdlet I kept getting the same error:

Error adding Service Principal to Role: This role does not exist. Check the name and try again.

The solution

As always, the simplest solution is often the best and in this case that was true again! I was able to assign the role to the enterprise applications through the Azure B2C AAD GUI. The way I did it was to:

  • Open Azure Active Directory
  • Select Roles and administrators
  • Select the relevant admin role (e.g. Helpdesk Administrator)
  • Under Assignments > press + Add Assignments
  • Search for the name of the enterprise app you want to assign the role to > select it > press Add

That’s it. There is no need for PowerShell; you can just assign the roles directly from Azure AD.
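
To confirm the result of the steps above, the following added example (not part of the original post) lists every directory role the enterprise app holds and flags anything other than the intended one. It uses the Microsoft Graph PowerShell SDK rather than MSOL; the tenant name and app name are placeholders, and it assumes the Microsoft.Graph modules are installed and the signed-in account may read role assignments.

```powershell
# Added example: audit the directory roles held by one enterprise app (service principal).
# Assumptions: Microsoft.Graph PowerShell SDK is installed; the three values below are placeholders.
$TenantId = 'contoso-b2c.onmicrosoft.com'   # placeholder B2C tenant
$AppName  = 'My Custom App'                 # placeholder enterprise app display name
$Expected = 'Helpdesk Administrator'        # role assigned in the steps above

Connect-MgGraph -TenantId $TenantId -Scopes 'RoleManagement.Read.Directory','Application.Read.All' | Out-Null

# Resolve the enterprise app to exactly one service principal.
$safeName = $AppName.Replace("'", "''")     # escape single quotes for the OData filter
$sps = @(Get-MgServicePrincipal -Filter "displayName eq '$safeName'")
if ($sps.Count -ne 1) {
    throw "Expected exactly one service principal named '$AppName', found $($sps.Count)."
}
$sp = $sps[0]

# Every role assignment for that principal, at any scope.
$assignments = @(Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($sp.Id)'" -All)

$report = foreach ($a in $assignments) {
    $def = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $a.RoleDefinitionId
    [pscustomobject]@{
        Role       = $def.DisplayName
        Scope      = $a.DirectoryScopeId    # '/' means tenant-wide
        Unexpected = ($def.DisplayName -ne $Expected)
    }
}
$report | Format-Table -AutoSize

# Warn if the intended role is missing or if the app holds more than intended.
if (-not ($report | Where-Object { $_.Role -eq $Expected })) {
    Write-Warning "'$Expected' is not assigned to '$AppName'."
}
if ($report | Where-Object Unexpected) {
    Write-Warning "'$AppName' holds roles other than '$Expected'; review them."
}
```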