Manage Users and Role Assignments

5.4 Manage Users and Role Assignments

Create an end user called Emma in Microsoft Entra ID and assign her the EMPLOYEE application role.

Create the user.
1. On the Microsoft Entra portal's Home page, click Users in the left navigation pane under Entra ID.
  The Users page opens.
2. Click New user, and then Create new user.
3. On the Create new user page, enter the following details:
  - User principal name: emma@<your-directory>.onmicrosoft.com
  - Display name: emma
  - Password: Set a password for the user
  - Account enabled: Leave this field checked
  Click Review + create, and then click Create. From the Users page, copy Emma's full user principal name (UPN).
Assign the user to the Spring Boot application in Entra ID to enable sign-in.
Select the specific application role to define their data access privileges (for example, EMPLOYEE).
1. In the left navigation pane under Entra ID, click Enterprise apps, and then select EmployeeRecordsAPI.
2. Click Assign users and groups in the Getting Started section of the application’s Overview page.
3. On the Users and groups page, click Add user/group to assign a user to the application.
4. On the Add Assignment page, perform the following actions:
  1. Select Emma under Users.
  2. Select EMPLOYEE under Select a role.
  3. Click Assign.
Initialize Microsoft Entra ID users.
New users you create in Microsoft Entra ID have temporary passwords. Update these to permanent passwords in a browser before attempting to test this example scenario.
1. Open a private or incognito browser window.
2. Go to https://myapps.microsoft.com.
3. Sign in as Emma using the user principal name (emma@<your-directory>.onmicrosoft.com) and the temporary password, then change the password.
4. If the sign-in flow requires additional security, follow the prompts to configure the Microsoft Authenticator application as your second verification method.
  When the My Apps dashboard appears, close the browser. The user is now active.