I have given an external user access to a full resource group in Azure using these instructions:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users, with the exception of connecting a specific app (like the Salesforce app in the example).
The external user says they cannot access it.
When I check the rights assignments within Azure, the user has "Contributor" role to the entire Resource Group.
Did I do something wrong (i.e., I need to do something else) or should this be sufficient?