Roles
To manage the Microsoft Entra ID role objects, ensure that the following attributes are present in the group schema.

Specify the description of the Microsoft Entra ID role.

Specify the display name for the Microsoft Entra ID role.

Specify the unique identifier for the Microsoft Entra ID role.

Specify the flag indicating whether the role is part of the default set included in Microsoft Entra ID or a custom one.

Specify the flag indicating whether the role is enabled for assignment. If it is false, the role is not available for assignment.

Specify the list of permissions included in the role.
Backward Compatibility Note
The Microsoft Entra ID connector previously supported roles as an entitlement attribute on accounts, but it did not support aggregating roles as a new, separate group / entitlement type.
With that configuration, the connector showed the ‘displayName’ of the role as the entitlement value on accounts. To continue supporting displayName-based role entitlements, the connector supports displayName as the native identity attribute of the new role object.
There are certain limitations in using displayName as the native identity attribute:
- Duplicate displayName values are allowed for roles. If duplicate display names exist in your deployment, avoid using displayName as the native identifier.
- displayName is an editable field, so it should not be edited if it is used as the native identifier.
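
A pre-check for the first limitation, as an added example that is not part of the connector or its documentation: it scans an exported list of role objects and reports display names that map to more than one role id, so an ambiguous entitlement value is caught before displayName is chosen as the native identifier. The field names `id` and `isBuiltIn`, the sample records, and the case and whitespace folding used for near-duplicates are assumptions.

```python
import unicodedata
from collections import defaultdict

# Constructed sample export of role objects. "id" and "isBuiltIn" are assumed
# field names; the ids and display names are made up for illustration.
SAMPLE_ROLES = [
    {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Helpdesk Operator", "isBuiltIn": False},
    {"id": "00000000-0000-0000-0000-000000000002", "displayName": "Helpdesk Operator", "isBuiltIn": False},
    {"id": "00000000-0000-0000-0000-000000000003", "displayName": "helpdesk  operator ", "isBuiltIn": False},
    {"id": "00000000-0000-0000-0000-000000000004", "displayName": "Global Reader", "isBuiltIn": True},
]


def fold_name(name):
    """Collapse Unicode form, whitespace and case so look-alike names compare equal."""
    return " ".join(unicodedata.normalize("NFKC", name).split()).casefold()


def find_display_name_collisions(roles):
    """Return (exact, near): display names shared by more than one distinct role id.

    exact groups byte-identical names; near groups names equal after folding
    (an assumption about how collisions could surface downstream).
    """
    exact, near = defaultdict(set), defaultdict(set)
    for role in roles:
        name = role.get("displayName") or ""
        if not name.strip():
            continue  # a role without a display name cannot be keyed by it at all
        exact[name].add(role["id"])
        near[fold_name(name)].add(role["id"])
    # Sets of ids mean the same role listed twice is not reported as a duplicate.
    exact_dups = {n: sorted(ids) for n, ids in exact.items() if len(ids) > 1}
    near_dups = {n: sorted(ids) for n, ids in near.items() if len(ids) > 1}
    return exact_dups, near_dups


def display_name_is_safe_identifier(roles):
    """True only if every role has a display name that is unique even after folding."""
    has_blank = any(not (r.get("displayName") or "").strip() for r in roles)
    _, near_dups = find_display_name_collisions(roles)
    return not has_blank and not near_dups


if __name__ == "__main__":
    exact_dups, near_dups = find_display_name_collisions(SAMPLE_ROLES)
    for name, ids in near_dups.items():
        print(f"ambiguous displayName {name!r}: {len(ids)} roles -> {ids}")
    print("safe as native identifier:", display_name_is_safe_identifier(SAMPLE_ROLES))
```

Running the same check on a schedule also covers the second limitation, since a renamed role shows up as a display name that no longer matches the previously recorded value for its id.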