Just to close the loop - it was an issue with the app Azure registration and permissions (read, user error :)) - the api permissions and consent were not what they needed to be. 


Once I unregistered and re-registered the application and acknowledged and gave consent for the appropriate permissions, the gateway user and gateway admin roles became available for assignment as advertised. 





We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE