You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/iot-central/core/howto-manage-users-roles.md
+8-2Lines changed: 8 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,10 +27,10 @@ Every user must have a user account before they can sign in and access an applic
27
27
28
28
:::image type="content" source="media/howto-manage-users-roles/manage-users-pnp.png" alt-text="Screenshot of manage users page in IoT Central.":::
29
29
30
-
1. To add a user on the **Users** page, choose **+ Assign user**. To add a service principal on the **Users** page, choose **+ Assign service principal**. Start typing the name of the service principal to auto-populate the form.
30
+
1. To add a user on the **Users** page, choose **+ Assign user**. To add a service principal on the **Users** page, choose **+ Assign service principal**. To add an Azure Active Directory group on the **Users** page, choose **+Assign group**. Start typing the name of the Active Directory group or service principal to auto-populate the form.
31
31
32
32
> [!NOTE]
33
-
> A service principal must belong to the same Azure Active Directory tenant as the Azure subscription associated with the IoT Central application.
33
+
> A service principal and Active Directory group must belong to the same Azure Active Directory tenant as the Azure subscription associated with the IoT Central application.
34
34
35
35
1. If your application uses [organizations](howto-create-organizations.md), choose an organization to assign to the user from the **Organization** drop-down menu.
36
36
@@ -48,6 +48,12 @@ Every user must have a user account before they can sign in and access an applic
48
48
> [!NOTE]
49
49
> If a user is deleted from Azure Active Directory and then added back, they won't be able to sign into the IoT Central application. To re-enable access, the application's administrator should delete and re-add the user in the application as well.
50
50
51
+
#### Limitations
52
+
The following limitations apply to Azure Active Directory groups and Service Principals:
53
+
- Total number of AAD Groups per IoT Central application cannot be more than 20.
54
+
- Total number of unique Azure Active Directory groups from the same AAD tenant cannot be more than 200 across all IoT Central applications.
55
+
- Service Principals that are part of Azure Active Directory group won't be granted access to the application. They have to be added explicitly.
56
+
51
57
### Edit the roles and organizations that are assigned to users
52
58
53
59
Roles and organizations can't be changed after they're assigned. To change the role or organization that's assigned to a user, delete the user, and then add the user again with a different role or organization.
0 commit comments