After you have finished the configuration of the SwiftMQ Explorer App in Azure AD and the Azure SSO app, you have four users with different rights. You also need to create a new view usage in SwiftMQ Explorer app to limit access to /sys$queuemanager/usage.

Now, access SwiftMQ Explorer app. You will be redirected to Azure AD and need to sign in with one of the four users. Repeat that will all four users. Each log-in should succeed and the users should have the permissions according to their assigned app role:

The Authentication Log in the Azure SSO app will display each successful login:

As the last test login with user noaccess and you should see this: