Assign administrator and non-administrator roles to users with Azure Active Directory

sign administrator and non-administrator roles to users with Azure Active Directory

If a user in your organization needs permission to manage Azure Active Directory (Azure AD) resources, you must assign the user an appropriate role in Azure AD, based on the actions the user needs permission to perform.

For more information about the available roles, see Assigning administrator roles in Azure Active Directory. For more information about adding users, see Add new users to Azure Active Directory.

Assign roles

A common way to assign Azure AD roles to a user is on the Directory role page for a user.

You can also assign roles using Privileged Identity Management (PIM). For more detailed information about how to use PIM, see Privileged Identity Management.

To assign a role to a user

1. Sign in to the Azure portal using a Global administrator account for the directory.
2. Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment. For example, Alain Charon.
3. On the Alain Charon - Profile page, select Directory role.
   The Alain Charon - Directory role page appears.
4. Select Add role, select the role to assign to Alain (for example, Application administrator), and then choose Select.
   
   The Application administrator role is assigned to Alain Charon and it appears on the Alain Charon - Directory role page.

Remove a role assignment

If you need to remove the role assignment from a user, you can also do that from the Alain Charon - Directory role page.

To remove a role assignment from a user

1. Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment removed. For example, Alain Charon.
2. Select Directory role, select Application administrator, and then select Remove role.
   
   The Application administrator role is removed from Alain Charon and it no longer appears on the Alain Charon - Directory role page.