Use Microsoft Entra ID roles claims

The Neptune DXP - Open Edition only supports the Microsoft Entra ID “roles” claim in ID tokens.

The “wids” claim, which contains the object IDs of general Microsoft Entra ID directory roles, is not supported.

This procedure describes configuration aspects of the Neptune DXP - Open Edition authentication settings. As these directly affect system security, the configuration steps must be thoroughly tested in an appropriate test environment before use.

Prerequisites

  1. You have created an enterprise application / app registration in Microsoft Entra ID.

  2. You have configured an authentication method of type “Microsoft Entra ID” on the Neptune DXP - Open Edition system using this app registration.

  3. You have defined roles in the Neptune DXP - Open Edition system whose names exactly match the app role values you expect in the token's “roles” claim.

Procedure

  1. Sign in to the Microsoft Azure Portal.

  2. To define app roles for the application registered for the Neptune DXP - Open Edition authentication, select App registrations > <Your Application> > Manage > App roles > Create app role.

  3. In the Create app role details screen, select Users/Groups for Allowed member types and fill in the remaining required fields.

  4. Decide whether you want to enable the app role right away or later and apply your changes.

  5. To assign the configured roles to users/groups within the enterprise application, select Enterprise Applications > <Your Application> > Manage > Users and Groups > Add User/Group.

  6. In the Add Assignment detail screen, first select the users/groups to which a role should be assigned by selecting None Selected.

  7. In the “Add Assignment” screen, select the role to be assigned by selecting “None Selected”. At the moment, only one role can be assigned at a time; repeat the previous assignment steps to assign additional roles.

  8. Complete the assignment by selecting “Assign”.
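After the assignment, the recommended test-environment check is to inspect the ID token the tenant actually issues and confirm that every assigned app role value appears in the “roles” claim under a name that exists on the Neptune side, while “wids” is left out of the decision. The following is an added example for that check, not code from the Neptune DXP product; the role names, the sample token and the GUID placeholders are constructed.

```python
import base64
import json

# Roles defined on the Neptune DXP - Open Edition side (prerequisite 3).
# Constructed sample; names must match the Entra app role "value" exactly.
DEFINED_ROLES = {"Administrator", "Developer", "ReportViewer"}


def decode_payload(id_token: str) -> dict:
    """Base64url-decode the payload segment of a JWT for inspection only.

    The signature is NOT checked here; validating the token remains the
    job of the configured authentication method. Use this only to see
    which claims the test tenant emits.
    """
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def resolve_roles(claims: dict, defined_roles: set = DEFINED_ROLES) -> dict:
    """Map the Entra ID 'roles' claim onto locally defined roles.

    'roles' carries the app role values assigned to the user or group;
    Entra omits the claim entirely when nothing is assigned, so a missing
    claim simply yields no roles. 'wids' (directory role template IDs)
    is reported as present but never used for mapping, because the
    platform does not evaluate it.
    """
    token_roles = claims.get("roles", [])
    matched = sorted(r for r in token_roles if r in defined_roles)
    unknown = sorted(r for r in token_roles if r not in defined_roles)
    return {"matched": matched, "unknown": unknown, "wids_present": "wids" in claims}


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed, unsigned sample ID token: "Auditor" is assigned in Entra
# but not defined locally, so the check should flag it as unknown.
SAMPLE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"aud": "<app-client-id-placeholder>",
             "roles": ["Developer", "Auditor"],
             "wids": ["<directory-role-template-id-placeholder>"]}),
    "signature-omitted",
])

if __name__ == "__main__":
    print(resolve_roles(decode_payload(SAMPLE_ID_TOKEN)))
```

Any value under "unknown" means a role was assigned in the enterprise application but never created on the Neptune side, which is the mismatch the test environment is meant to catch.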