4.3 Manage Users and Role Assignments in Microsoft Entra ID

Create two test users and assign them distinct application roles to simulate an organizational hierarchy in a sample HR application schema.

  1. Create new test users in your Microsoft Entra ID domain.
    1. On the Microsoft Entra portal's Home page, click Users in the left navigation pane under Entra ID.
      The Users page opens.
    2. Click New user, and then Create new user.
    3. Create the first user (Marvin) with the following details:
      • User principal name: marvin@<your-directory>.onmicrosoft.com
      • Display name: marvin
      • Password: Set a password for the user
      • Account enabled: Leave this field checked

      Click Review + create, and then click Create. From the Users page, copy Marvin's full user principal name (UPN).

    4. Create the second user (Emma) with the following details:
      • User principal name: emma@<your-directory>.onmicrosoft.com
      • Display name: emma
      • Password: Set a password for the user
      • Account enabled: Leave this field checked

      Click Review + create, and then click Create. From the Users page, copy Emma's full user principal name (UPN).

  2. Assign users to the database application in Entra ID to enable sign-in.
    Select specific application roles to define their data access privileges (manager or employee).
    1. In the left navigation pane under Entra ID, click Enterprise apps, and then select OracleDB_Resource.
    2. Click Assign users and groups in the Getting Started section of the application’s Overview page.
    3. On the Users and groups page, click Add user/group to assign a new user to the application.
    4. To assign Marvin, perform the following actions:
      1. Select Marvin under Users.
      2. Select Manager under Select a role.
      3. Click Assign.
      4. Repeat the previous steps for Marvin, but this time select the Employee role, so that Marvin holds both roles.
    5. To assign Emma, perform the following actions:
      1. Select Emma under Users.
      2. Select Employee under Select a role.
      3. Click Assign.
  3. Initialize Microsoft Entra ID users.
    New users you created in Microsoft Entra ID have temporary passwords. Update these to permanent passwords in a browser before attempting to sign in with SQL*Plus, as SQL*Plus cannot handle the Force Change Password prompt.
    1. Open a private or incognito browser window.
    2. Go to https://myapps.microsoft.com.
    3. Sign in as Marvin using the user principal name (marvin@<your-directory>.onmicrosoft.com) and the temporary password, then change the password.
    4. If the sign-in flow requires additional security, follow the prompts to configure the Microsoft Authenticator app as your second verification method.
      When the My Apps dashboard appears, close the browser. The user is now active.
    5. Repeat the previous steps to set a permanent password for Emma.
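The portal steps in section 2 above leave no record of what was actually granted, so a short check of the resulting app role assignments is useful before moving on to database sign-in. The script below is an added example, not part of this guide or of Oracle's tooling; it assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in account has the listed read permissions, and that `<your-directory>` is replaced with your tenant prefix exactly as in the UPNs above.

```powershell
# Added verification script (not part of the original guide). Assumes the
# Microsoft Graph PowerShell SDK (Connect-MgGraph, Get-MgServicePrincipal,
# Get-MgUserAppRoleAssignment) and a reader account with the scopes below.
$Directory = '<your-directory>'          # placeholder, same as in the guide
$AppName   = 'OracleDB_Resource'         # enterprise app name from section 2

# Expected least-privilege picture from the steps above:
# Marvin holds Manager and Employee, Emma holds only Employee.
$Expected = @{
    "marvin@$Directory.onmicrosoft.com" = @('Manager', 'Employee')
    "emma@$Directory.onmicrosoft.com"   = @('Employee')
}

Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All' | Out-Null

# Resolve the enterprise application (service principal) and the app roles it defines.
$sp = Get-MgServicePrincipal -Filter "displayName eq '$AppName'" | Select-Object -First 1
if (-not $sp) { throw "Enterprise application '$AppName' not found." }
$roleNames = @{}
foreach ($role in $sp.AppRoles) { $roleNames[[string]$role.Id] = $role.DisplayName }

$allOk = $true
foreach ($upn in $Expected.Keys) {
    # Keep only assignments that target this application, not other resources.
    $assigned = Get-MgUserAppRoleAssignment -UserId $upn |
        Where-Object { $_.ResourceId -eq $sp.Id } |
        ForEach-Object {
            $id = [string]$_.AppRoleId
            # An id not in the app's role list (e.g. the all-zero default role) is reported as-is.
            if ($roleNames.ContainsKey($id)) { $roleNames[$id] } else { "unknown-role:$id" }
        }
    $missing = $Expected[$upn] | Where-Object { $_ -notin $assigned }
    $extra   = $assigned        | Where-Object { $_ -notin $Expected[$upn] }
    if ($missing -or $extra) {
        $allOk = $false
        Write-Host "FAIL $upn  missing=[$($missing -join ',')] extra=[$($extra -join ',')]"
    } else {
        Write-Host "OK   $upn  roles=[$($assigned -join ',')]"
    }
}
if (-not $allOk) { exit 1 }
```

Any `extra` role reported for Emma, or a missing Manager role for Marvin, means the portal assignments do not match the hierarchy the later database mapping steps rely on.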