Application Access

Welcome to the Roles and Access documentation for AZExecute. This guide provides detailed information on how to assign roles and manage access within the application.

Role Assignment and Access Control

By default, all users can log in to the application unless specifically restricted by the tenant's administrator. AZExecute uses Microsoft's MSAL library, ensuring compliance with your organization's access controls, including conditional access, MFA, and overall Azure RBAC.

The first user to log into AZExecute from a given tenant is assigned the TenantAdmin role. This role provides full administrative rights within the application.

---

---

Assigning Users and Groups in Azure

Roles within AZExecute are primarily managed from within the application by users with the TenantAdmin role. However, it is also possible to override these roles using Azure's role assignment for Enterprise Applications. Assigning a role to a user in Azure will override the role assigned within AZExecute, with the tenant's Azure settings taking precedence.

To assign users and groups access to AZExecute, navigate to the Azure portal and select the Enterprise Application. From there, go to the "Users and groups" section.

Provide specific users and groups with the necessary roles to access the application. This step is crucial for managing who can access and administer AZExecute.

Managing User Access within AZExecute

Once users have logged into the application, their access can be managed from the "System Access" section within AZExecute. TenantAdmins can assign roles such as User or Operator to other users.

For instance, a user can be assigned the "TenantAdmin" role to grant them full access or the "Operator" role for more restricted access.