Merge pull request #25449 from msewaweru/authflowpolicy-entraroles

FaithOmbongi · web-flow · commit 3ed7955d7603 · 2025-01-20T13:18:47.000+03:00
Add Entra roles for authentication flow policy
diff --git a/api-reference/beta/api/authenticationflowspolicy-get.md b/api-reference/beta/api/authenticationflowspolicy-get.md
@@ -24,6 +24,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authenticationflowspolicy_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authenticationflowspolicy-get-permissions.md)]
 
+[!INCLUDE [rbac-authentication-flow-policy-read](../includes/rbac-for-apis/rbac-authentication-flow-policy-read.md)]
+
 ## HTTP request
 
 <!-- {
diff --git a/api-reference/beta/api/authenticationflowspolicy-update.md b/api-reference/beta/api/authenticationflowspolicy-update.md
@@ -24,6 +24,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authenticationflowspolicy_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authenticationflowspolicy-update-permissions.md)]
 
+[!INCLUDE [rbac-authentication-flow-policy-update](../includes/rbac-for-apis/rbac-authentication-flow-policy-update.md)]
+
 ## HTTP request
 
 <!-- {
diff --git a/api-reference/beta/includes/rbac-for-apis/rbac-authentication-flow-policy-read.md b/api-reference/beta/includes/rbac-for-apis/rbac-authentication-flow-policy-read.md
@@ -0,0 +1,14 @@
+---
+author: msewaweru
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - External ID User Flow Administrator
+> - External Identity Provider Administrator
+> - Application Administrator
+> - Security Administrator
+> - Security Reader
+> - Global Reader
+
diff --git a/api-reference/beta/includes/rbac-for-apis/rbac-authentication-flow-policy-update.md b/api-reference/beta/includes/rbac-for-apis/rbac-authentication-flow-policy-update.md
@@ -0,0 +1,8 @@
+---
+author: msewaweru
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - External ID User Flow Administrator
diff --git a/api-reference/v1.0/api/authenticationflowspolicy-get.md b/api-reference/v1.0/api/authenticationflowspolicy-get.md
@@ -23,6 +23,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authenticationflowspolicy_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authenticationflowspolicy-get-permissions.md)]
 
+[!INCLUDE [rbac-authentication-flow-policy-read](../includes/rbac-for-apis/rbac-authentication-flow-policy-read.md)]
+
 ## HTTP request
 
 <!-- {
diff --git a/api-reference/v1.0/api/authenticationflowspolicy-update.md b/api-reference/v1.0/api/authenticationflowspolicy-update.md
@@ -23,6 +23,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "authenticationflowspolicy_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/authenticationflowspolicy-update-permissions.md)]
 
+[!INCLUDE [rbac-authentication-flow-policy-update](../includes/rbac-for-apis/rbac-authentication-flow-policy-update.md)]
+
 ## HTTP request
 
 <!-- {
diff --git a/api-reference/v1.0/includes/rbac-for-apis/rbac-authentication-flow-policy-read.md b/api-reference/v1.0/includes/rbac-for-apis/rbac-authentication-flow-policy-read.md
@@ -0,0 +1,13 @@
+---
+author: msewaweru
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - External ID User Flow Administrator
+> - External Identity Provider Administrator
+> - Application Administrator
+> - Security Administrator
+> - Security Reader
+> - Global Reader
diff --git a/api-reference/v1.0/includes/rbac-for-apis/rbac-authentication-flow-policy-update.md b/api-reference/v1.0/includes/rbac-for-apis/rbac-authentication-flow-policy-update.md
@@ -0,0 +1,8 @@
+---
+author: msewaweru
+ms.topic: include
+---
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - External ID User Flow Administrator
