This article explains how to grant privileges to Azure AD users by assigning Application Roles for the XplicitTrust Network Access Azure AD Enterprise Application.
The Azure AD enterprise application XplicitTrust Network Access defines two roles:
- The Management.User role grants the user the right to log in with the XplicitTrust Network Access Agent and access Assets according to the configured Policies.
- The Management.Admin role grants the user the right to log in with the XplicitTrust Network Access Management Console.
Assign an Application Role
To assign an Application Role to Users and Groups in MS Azure Active Directory:
- Login to MS Azure and navigate to Azure Active Directory
- Visit https://portal.azure.com
- Click the Azure Active Directory button.
- Navigate to the XplicitTrust Network Access Enterprise Application
- In the side menu click Enterprise applications
- Search for XplicitTrust Network Access and click on the table entry
- Assign the XplicitTrust Network Access Management.Admin or the Management.User Application Role
- In the side menu click Users and groups
- Click + Add user/group
- Under Users or Groups click None Selected
- Select the users/groups you want to grant admin access and click Select
- Under Select a role click None Selected, select the role Management.Admin or Management.User, and click Select
- Click Assign