Mark Davidson

Reputation: 33

Azure AD Enterprise Application - Application Role mapping

The manifest for an App registration in Azure AD looks like the below.

    {
        "allowedMemberTypes": [
            "User"
        ],
        "description": "DocuSign Admin",
        "displayName": "DocuSign Admin",
        "id": "{GUID}",
        "isEnabled": true,
        "lang": null,
        "origin": "Application",
        "value": "42036433"
    }

When I map the attribute under provisioning using SingleAppRoleAssignment([appRoleAssignments]) it returns the name of the role instead of the value. I have to use an expression like Switch(SingleAppRoleAssignment([appRoleAssignments]), "42036435", "DocuSign Sender", "42036434", "DocuSign Admin", "42036433") in order for the role to provision correctly.

The Enterprise Application for Zoom expects the name of the role so it works fine, but DocuSign expects the DocuSign Permission Profile ID instead of the name so it doesn't work correctly.

Is there a way to have the mapping return the actual value of the role instead of the name?

Upvotes: 2

Views: 3661
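The Switch workaround described in the question, generated from the manifest rather than typed by hand, as an added example that is not part of the original thread. The sample manifest is constructed from the names and values quoted in the question; `build_switch_expression`, `_literal` and the disabled "Retired role" entry are hypothetical.

```python
import json

# Constructed sample manifest: names and values are the ones quoted in the
# question; the ids and the disabled "Retired role" entry are placeholders.
SAMPLE_MANIFEST = json.loads("""
{"appRoles": [
  {"allowedMemberTypes": ["User"], "displayName": "DocuSign Admin",
   "id": "{GUID-1}", "isEnabled": true, "value": "42036433"},
  {"allowedMemberTypes": ["User"], "displayName": "DocuSign Sender",
   "id": "{GUID-2}", "isEnabled": true, "value": "42036434"},
  {"allowedMemberTypes": ["User"], "displayName": "Retired role",
   "id": "{GUID-3}", "isEnabled": false, "value": "0"}
]}
""")

SOURCE = "SingleAppRoleAssignment([appRoleAssignments])"


def _literal(text):
    """Quote a string for the expression; refuse characters that need escaping."""
    if not isinstance(text, str) or not text or '"' in text or "\\" in text:
        raise ValueError(f"cannot use {text!r} as a string literal")
    return f'"{text}"'


def build_switch_expression(manifest, default_value):
    """Map each enabled, user-assignable role's displayName to its value.

    default_value is what Switch returns when the role name matches no key,
    so it decides what a user with an unmapped role is provisioned with.
    """
    pairs = {}
    for role in manifest.get("appRoles", []):
        if not role.get("isEnabled") or "User" not in role.get("allowedMemberTypes", []):
            continue  # disabled or application-only roles are left out
        name, value = _literal(role.get("displayName")), _literal(role.get("value"))
        if pairs.setdefault(name, value) != value:
            raise ValueError(f"display name {name} maps to two different values")
    if not pairs:
        raise ValueError("manifest has no enabled user-assignable roles")
    args = [SOURCE, _literal(default_value)]
    for name in sorted(pairs):
        args += [name, pairs[name]]
    return "Switch(" + ", ".join(args) + ")"


if __name__ == "__main__":
    print(build_switch_expression(SAMPLE_MANIFEST, "42036435"))
```

Regenerate the expression whenever roles are added to the manifest, since any role name missing from the keys falls through to the default.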

Answers (1)

alphaz18

Reputation: 2766

As per here: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes#provisioning-a-role-to-a-scim-app. I don't have a DocuSign sub to test, but try this in the target attribute as per the doc: roles[primary eq "True"].value

You can also try the AppRoleAssignmentsComplex([appRoleAssignments]) as the output seems to include displayname and value.

Hopefully one of these 2 options does what you want.

Upvotes: 2
