I want to hide the administrative portal / enrollment process from end users, and also want to prevent this Dead End GUI from appearing, if the user is not an administrator. (the only possible user flow is to hit Back a few times... bad UX)
AADSTS90093: This operation can only be performed by an administrator. Sign out and sign in as an administrator or contact one of your organization's administrators

To work around this UX issue, I want the user to
prompt=admin_consent attribute

Question
How can I see if the logged in user is an admin of some org, and ideally, the display names, and OrgID(s)* they are an admin of.
*I believe it's possible to be an admin of more than one AzureB2C or Azure AD directory.
To check whether the user is the admin of that tenant, we can use the Azure AD Graph REST API. We can use the REST call below to get all the roles/groups the user is assigned.
GET: https://graph.windows.net/adfei.onmicrosoft.com/me/memberOf?api-version=1.6
And if the user was assigned the Global Admin role in a tenant, we get a response like the one below, and we can check this role using the roleTemplateId property with the value 62e90394-69f5-4237-9190-012177145e10.
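One way to apply the check described in the answer above, as an added example that is not part of the original answer: it evaluates one page of a memberOf response server-side and reports an indeterminate result when more pages remain. The function name, the status strings and the sample response (including its object IDs and display names) are constructed for illustration.

```python
# Role template ID for Global Administrator, as quoted in the answer above.
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"

# Constructed sample shaped like an Azure AD Graph memberOf response
# (object IDs and display names are made up).
SAMPLE_RESPONSE = {
    "value": [
        {"odata.type": "Microsoft.DirectoryServices.Group",
         "objectType": "Group",
         "objectId": "00000000-0000-0000-0000-000000000001",
         "displayName": "Example Group"},
        {"odata.type": "Microsoft.DirectoryServices.DirectoryRole",
         "objectType": "Role",
         "objectId": "00000000-0000-0000-0000-000000000002",
         "displayName": "Example Admin Role",
         "roleTemplateId": "62E90394-69F5-4237-9190-012177145E10"},
    ]
}


def admin_status(member_of_page):
    """Classify one parsed memberOf page (hypothetical helper).

    Returns "admin" if the Global Admin role template is present,
    "incomplete" if it is absent but another page exists, and
    "not_admin" only when the full listing has been seen.
    """
    entries = member_of_page.get("value")
    if not isinstance(entries, list):
        # Error bodies and unexpected shapes must not be read as "not admin".
        raise ValueError("unexpected memberOf response: no 'value' array")
    for entry in entries:
        # Groups are listed alongside roles; only Role objects count.
        if not isinstance(entry, dict) or entry.get("objectType") != "Role":
            continue
        # GUID casing can vary, so compare case-insensitively.
        template_id = str(entry.get("roleTemplateId", "")).strip().lower()
        if template_id == GLOBAL_ADMIN_TEMPLATE_ID:
            return "admin"
    if member_of_page.get("odata.nextLink"):
        # Results are paged; the caller has to fetch the next page first.
        return "incomplete"
    return "not_admin"


if __name__ == "__main__":
    print(admin_status(SAMPLE_RESPONSE))
```

Hiding the admin portal based on this result only improves the UX; the administrator-only operation is still enforced by Azure AD, as the AADSTS90093 error shows.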