![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 40%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOE%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
708 questions
There is no license requirement for users ( Members or guests) to create or logon to a SSO application. The application itself may have license requirements, but the access itself is not licensed: https://video2.skills-academy.com/en-us/entra/identity/enterprise-apps/add-application-portal-setup-sso#prerequisites When you say "non-active directory" , I assume you mean guests in Azure? As far as the lack of an email, an email is not required for SSO. Your app can use UserPrincipalName or any ohter unique value to auth and if it requires an email address , you could add the SAML claim in the Azure app to set UPN to EMail as a workaround for example.