I made an App in a solution with the use of a custom connector.
On Dev and Test everything went relatively fine but when moving the app to Prod Users get an error when trying to open the app.
Conclusion was that is was not possible to make a connection for the custom connector due a rights issue.
Giving permission in the admin center with the security role 'basic user' dit the trick.
My question is what is the best way to manage this security roles.
Now we use security groups in Onperm AD like GRP_SecurityRoleAPPName.
This group is then filled with usergroups that are managed by the servicedesk.
There is a sync to AAD and that AAD GRP_SecurityRoleAPPName is then added to the BasicUser security role in the admin center.
Seems thou that this is not working with nested groups so we need to add all individual Users to the BasicUser group.
What is the best way to solve that because this is not manageable with continuous changing users.
Thanks for the advise.
It will be gratefully being appreciated
Thanks, @Ionaaa , I will look into this,
I do not have admin rights on the azure AD but will ask an admin what they can du.
Dynamic Azure AD security groups should be working. You can add the AD group as a "Team" in an environment and have the option set to Members only. You can then assign Basic User and additional security roles to that team.
Don't forget to assign licenses to either users or the AD group 😉
WarrenBelz
146,731
Most Valuable Professional
RandyHayes
76,287
Super User 2024 Season 1
Pstork1
66,075
Most Valuable Professional