STEP 5: Create App Roles in Azure AD
In this step you'll create app roles in Azure AD. In "Add External Groups and assign roles in the PCE Web Console" you'll map each of these app roles to a role in the Illumio PCE Web Console.
For reference, these are the Global Roles available in the PCE Web Console:
Global Organization Owner
Global Administrator
Global Viewer
Global Policy Object Provisioner
In Azure AD, go to Users and Groups and then click application registration.
Create the roles you want by clicking + Create app role and entering the required information for each role:
Display name: For example, enter one of the Global Roles that appear in the PCE Web Console.
Value: This must match exactly (including case and spacing) the name you'll enter in the Add External Groups dialog box in "Add External Groups and assign roles in the PCE Web Console", because this is the value Azure AD sends in the SAML role claim.
Description: The description appears as help text in the app assignment and consent experiences.
Click Apply for each role that you create.
Delete the default app role msiam_access. Azure AD does not allow an enabled app role to be deleted, so you must disable it first:
Click msiam_access to open the Edit app role panel.
Deselect Do you want to enable the app role?
Click Apply. The side panel closes.
Click msiam_access again to open the Edit app role panel again.
Click Delete.
When you're done creating roles in Azure AD, the App roles section should look similar to this:
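The same result can be produced programmatically. The following Python example is added here and is not part of the Illumio documentation or any Illumio or Microsoft tooling; it builds the Microsoft Graph appRoles payload for the PCE app registration, keeps each role's value identical to its PCE role name, and enforces the disable-before-delete rule for msiam_access. The Graph endpoint, the allowedMemberTypes value, and the shape of the default msiam_access role are assumptions based on the public Graph application resource; the request is only constructed, not sent.

```python
"""Build and validate an Azure AD appRoles payload for the Illumio PCE app.

Added example (not Illumio's or Microsoft's code). It mirrors the manual
portal steps: one app role per PCE Global Role, `value` equal to the PCE role
name, and the default msiam_access role disabled before it is removed.
"""
import json
import uuid

# PCE Web Console Global Roles, exactly as they must be typed into the
# "Add External Groups" dialog (case- and whitespace-sensitive).
PCE_GLOBAL_ROLES = (
    "Global Organization Owner",
    "Global Administrator",
    "Global Viewer",
    "Global Policy Object Provisioner",
)

# Constructed representation of the default role Azure AD adds to a new
# gallery app registration; the id is a placeholder, not a real value.
DEFAULT_MSIAM_ROLE = {
    "id": "00000000-0000-0000-0000-000000000001",
    "allowedMemberTypes": ["User"],
    "displayName": "msiam_access",
    "value": "msiam_access",
    "description": "msiam_access",
    "isEnabled": True,
}


def make_app_role(display_name, description, *, value=None, role_id=None):
    """Return one Graph appRole object.

    `value` defaults to the display name so the role claim Azure AD emits in
    the SAML assertion matches the PCE external group name. `allowedMemberTypes`
    of ["User"] corresponds to the portal's "Users/Groups" choice (assumption).
    """
    return {
        "id": role_id or str(uuid.uuid4()),  # Graph requires a unique GUID per role
        "allowedMemberTypes": ["User"],
        "displayName": display_name,
        "value": value or display_name,
        "description": description,
        "isEnabled": True,
    }


def build_pce_roles():
    """Create one enabled app role for every PCE Global Role."""
    return [
        make_app_role(role, f"Maps to the PCE Web Console role '{role}'.")
        for role in PCE_GLOBAL_ROLES
    ]


def validate_against_pce(app_roles):
    """Return the `value`s that would not match any PCE Global Role.

    A mismatch here means the SAML role claim will never map to a PCE role,
    so the user lands in the PCE with no permissions (or is rejected).
    """
    return [r["value"] for r in app_roles if r["value"] not in PCE_GLOBAL_ROLES]


def disable_role(app_roles, value):
    """Return a copy of the list with the named role set to isEnabled=False."""
    return [
        {**r, "isEnabled": False} if r["value"] == value else dict(r)
        for r in app_roles
    ]


def delete_role(app_roles, value):
    """Return a copy of the list without the named role.

    Refuses to remove an enabled role, matching the Azure AD rule that an app
    role must be disabled before it can be deleted.
    """
    for r in app_roles:
        if r["value"] == value and r["isEnabled"]:
            raise ValueError(f"app role {value!r} is enabled; disable it before deleting")
    return [dict(r) for r in app_roles if r["value"] != value]


def graph_patch_request(application_object_id, app_roles):
    """Describe (not send) the Graph PATCH that replaces the app's appRoles."""
    return {
        "method": "PATCH",
        "url": f"https://graph.microsoft.com/v1.0/applications/{application_object_id}",
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"appRoles": app_roles}),
    }


if __name__ == "__main__":
    roles = build_pce_roles() + [dict(DEFAULT_MSIAM_ROLE)]
    roles = delete_role(disable_role(roles, "msiam_access"), "msiam_access")
    assert validate_against_pce(roles) == []
    print(json.dumps(graph_patch_request("<application-object-id>", roles), indent=2))
```

Running the module prints the PATCH request body you would submit with an Application.ReadWrite.All token; the mismatch check is the part worth keeping in any automation, since a role value that drifts from the PCE name fails silently at login time rather than at configuration time.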
