Display name | B2C IEF Policy Administrator | ||
---|---|---|---|
Id | 3edaf663-341e-4475-9f94-5c398ef6c070 | ||
Description | Can create and manage trust framework policies in the Identity Experience Framework (IEF). | ||
Detailed description | Users in this role have the ability to create, read, update, and delete all custom policies in Azure AD B2C and therefore have full control over the Identity Experience Framework in the relevant Azure AD B2C tenant. By editing policies, this user can establish direct federation with external identity providers, change the directory schema, change all user-facing content (HTML, CSS, JavaScript), change the requirements to complete an authentication, create new users, send user data to external systems including full migrations, and edit all user information including sensitive fields like passwords and phone numbers. Conversely, this role cannot change the encryption keys or edit the secrets used for federation in the tenant. The B2C IEF Policy Administrator is a highly sensitive role, which should be assigned on a very limited basis for tenants in production. Activities by these users should be closely audited, especially for tenants in production. | ||
Categories | identity | ||
isPrivileged | False | ||
EntraOps Tier Level | ControlPlane | ||
#Resource Actions unique | 55 | ||
#Resource Actions Operations unique | 55 | ||
#Resource Actions privileged | 0 | ||
#Resource Actions direct | 1 | ||
Resource Actions inherited | True | ||
#Resource Actions inherited | 54 | ||
Resource Actions inherited from | Directory Readers (88d8e3e3-8f55-4a1e-953a-9b9898b8876b) | ||
#Resource Actions overlap direct&inherited | 0 | ||
Resource Actions overlap direct&inherited | |||
#Resource Actions inherited to | 0 other Entra Id Roles | ||
Resource Actions inherited to | n/a | ||
#Resource Actions conditioned | 0 | ||
#Resource Actions unconditioned | 55 | ||
#NameSpaces | 1 | ||
NameSpaces | microsoft.directory: 55 | ||
Actions | allTasks: 1, read: 54 | ||
Operations actionVerbs | GET: 54, n/a: 1 | ||
Resource Actions where Consent Policy applies | 0 | ||
Resource Actions / Consent Policy | n/a | ||