Application Role Attributes

If you want to configure filters for Application Roles, you need to add the following attribute to the application Debug page:

<entry key="spnAppRoleFilter" value="servicePrincipalType eq 'Application'"/>

Enter filter statements to ensure that only the correct Application Roles are included in the group aggregation. The default filter is servicePrincipalType eq 'Application'.
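The following Python example is added here and is not code from the product this page documents. It applies the effect of the default filter to constructed servicePrincipal objects shaped like Microsoft Graph output, then builds id and displayName in the concatenated form given in the applicationRole schema on this page; the function names and the sample data are assumptions.

```python
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
NATIVE_ID = re.compile(rf"({GUID}):({GUID})")

# Constructed sample data, shaped like Microsoft Graph servicePrincipal objects.
SAMPLE_SPNS = [
    {"id": "70b32868-8393-4c4e-99fc-916710f62412", "displayName": "TestSPN",
     "description": "constructed SPN", "servicePrincipalType": "Application",
     "appRoles": [{"id": "6f445064-b311-4d3e-a869-e024e787d6a9",
                   "displayName": "Engineer", "description": "constructed role",
                   "allowedMemberTypes": ["User"], "isEnabled": True,
                   "value": "Engineer"}]},
    {"id": "11111111-2222-3333-4444-555555555555", "displayName": "TestMI",
     "description": "constructed, excluded by the default filter",
     "servicePrincipalType": "ManagedIdentity",
     "appRoles": [{"id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                   "displayName": "Reader", "description": "constructed role",
                   "allowedMemberTypes": ["Application"], "isEnabled": True,
                   "value": "Reader"}]},
]

def build_application_roles(spns, sp_type="Application"):
    """Hypothetical helper: one applicationRole record per appRole of each SPN
    whose servicePrincipalType equals sp_type (the default filter's effect)."""
    roles = []
    for spn in spns:
        if spn.get("servicePrincipalType") != sp_type:
            continue
        for role in spn.get("appRoles", []):
            roles.append({
                "id": f"{spn['id']}:{role['id']}",  # resourceId:appRoleId
                "displayName": f"{spn['displayName']}:{role['displayName']}",
                "spn_description": spn.get("description"),
                "appRole_description": role.get("description"),
                "allowedMemberTypes": role.get("allowedMemberTypes", []),
                "isEnabled": role.get("isEnabled"),
                "value": role.get("value"),
            })
    return roles

def split_native_identity(native_id):
    """Hypothetical helper: return (resourceId, appRoleId). GUIDs contain no
    colon, so the id splits unambiguously; displayName offers no such guarantee."""
    match = NATIVE_ID.fullmatch(native_id)
    if match is None:
        raise ValueError(f"not a resourceId:appRoleId pair: {native_id!r}")
    return match.group(1), match.group(2)
```

Because a display name may itself contain a colon, map an aggregated role back to its SPN through id rather than displayName.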

Object Type - applicationRole

| Schema Attribute Name | Type | Description |
|---|---|---|
| id | String | This is the unique identifier for the Application Role. This is the nativeIdentity attribute. This id is a concatenation of resourceId:appRoleId, where resourceId is the ID of the SPN and appRoleId is the ID of the appRole within that SPN. For example, 70b32868-8393-4c4e-99fc-916710f62412:6f445064-b311-4d3e-a869-e024e787d6a9 |
| displayName | String | This is the display name of the Application Role. Just like id, displayName is a concatenation of resource-DisplayName: appRole-DisplayName. For example, if an SPN with displayName TestSPN has an appRole defined with the name Engineer, then the displayName for the appRole after concatenation would be TestSPN:Engineer |
| spn_description | String | This is the description for the SPN. |
| appRole_description | String | This is the description for the appRole. |
| allowedMemberTypes | String, Multi | Displays the types of members that this role can be assigned to. For example, Users,Groups,Applications |
| isEnabled | boolean | Displays whether the appRole is enabled or disabled. |
| value | String | |