arusso-aboutcloud

arusso-aboutcloud / entra-rolelens

Public

Entra Role Minimizer โ€“ task-to-role and role diff tool

19
3
100% credibility
Found Apr 20, 2026 at 19 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
HTML
AI Summary

Entra RoleLens is a free web tool that suggests the minimal Microsoft Entra ID role for common admin tasks and compares permissions between roles using always-fresh data from Microsoft sources.

How It Works

1
๐Ÿ” Discover the tool

You hear about Entra RoleLens from a colleague or online search while needing the right permission for an Entra task.

2
๐ŸŒ Visit the site

Head to entrarolelens.aboutcloud.io, a simple page ready to help with Entra roles.

3
Pick your way to help
๐Ÿ“
Describe a task

Type plain words like 'reset a user's MFA' or 'manage groups'.

๐Ÿ”„
Compare roles

Select any two roles to see exactly what permissions each has that the other doesn't.

4
๐Ÿ’ก See smart suggestions

Instantly get the smallest safe role needed, a direct link to Microsoft's info, and any risk warnings.

5
๐Ÿ“Š Spot hidden details

Notice flags for new unreleased roles or permission differences that guide better choices.

โœ… Assign with confidence

Now you can give team members exactly the access they need, keeping things secure and simple.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 19 to 19 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is Entra RoleLens?

Entra RoleLens is a web tool that maps plain-English tasks like "reset a user's MFA" or "view sign-in logs" to the minimum built-in Entra ID role needed, complete with Microsoft source links and privilege warnings. It also diffs any two roles side-by-side, highlighting unique permissions, shared ones, and gaps. Built as a single-page HTML app on Cloudflare Pages with a TypeScript Worker API backed by D1 SQLite, it pulls live data nightly from Graph API via passwordless OIDC.

Why is it gaining traction?

It skips the endless Microsoft docs tabs by delivering precise task-to-role matches from 200+ mappings across 36 areas, plus early detection of shadow roles in Graph before docs update. The role diff shines for auditing "Entra role assignable group" vs. "Entra role groups," or spotting changes in "Entra role authentication administrator" permissions. Zero-cost Cloudflare stack keeps it fast (<5ms queries) and always fresh, with a simple search API for embedding in GitHub Entra SSO dashboards.

Who should use this?

Entra admins minimizing assignments for tasks like "Entra role to reset MFA" or "Entra role user administrator" without over-privileging. DevOps teams handling GitHub Entra ID integration, SCIM provisioning, or SSO logins need the diff for eligible vs. active role comparisons. Identity engineers auditing "Entra roles and permissions" in PIM setups.

Verdict

Solid for daily Entra role lookupsโ€”bookmark the live site and API. At 19 stars and 1.0% credibility, it's early-stage with excellent docs but light on community tests; contribute mappings via PRs to build trust.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.