diff --git a/api/GetRoles/index.js b/api/GetRoles/index.js
index 8dde9f2..2061c1d 100644
--- a/api/GetRoles/index.js
+++ b/api/GetRoles/index.js
@@ -11,7 +11,7 @@ module.exports = async function (context, req) {
 const roles = [];
 for (const [role, groupId] of Object.entries(roleGroupMappings)) {
- if (await isUserInGroup(groupId, user.accessToken)) {
+ if (await isUserInGroup(groupId, user.accessToken, context)) {
 roles.push(role);
 }
 }
@@ -21,7 +21,7 @@ module.exports = async function (context, req) {
 });
 }
-async function isUserInGroup(groupId, bearerToken) {
+async function isUserInGroup(groupId, bearerToken, context) {
 const url = new URL('https://graph.microsoft.com/v1.0/me/memberOf');
 url.searchParams.append('$filter', `id eq '${groupId}'`);
 const response = await fetch(url, {
@@ -32,6 +32,8 @@ async function isUserInGroup(groupId, bearerToken) {
 });
 if (response.status !== 200) {
+ const responsebody = await response.json();
+ context.log.error('Failed to query graph.microsoft.com with http status code', response.status, 'and message:', JSON.stringify(responsebody.error.message));
 return false;
 }
diff --git a/frontend/staticwebapp.config.json b/frontend/staticwebapp.config.json
index 8ee7c69..60fa83a 100644
--- a/frontend/staticwebapp.config.json
+++ b/frontend/staticwebapp.config.json
@@ -13,15 +13,14 @@
 "rolesSource": "/api/GetRoles",
 "identityProviders": {
 "azureActiveDirectory": {
- "userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
 "registration": {
- "openIdIssuer": "https://login.microsoftonline.com/",
+ "openIdIssuer": "https://login.microsoftonline.com//v2.0",
 "clientIdSettingName": "AAD_CLIENT_ID",
 "clientSecretSettingName": "AAD_CLIENT_SECRET"
 },
 "login": {
 "loginParameters": [
- "resource=https://graph.microsoft.com"
+ "scope=openid+profile+email+user.read"
 ]
 }
 }
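Review bot: The non-200 branch of isUserInGroup now awaits `response.json()` and dereferences `responsebody.error.message` with no guard on either, so a non-JSON body (an empty 401 body, an HTML gateway error) or a JSON body without an `error` object throws out of the function instead of reaching the `return false` below it, and the `await isUserInGroup(...)` in the first hunk then rejects the whole GetRoles request rather than denying that one role. Parse the body defensively so the function keeps its contract of returning false on any failed Graph call, and keep the bearer token out of the log line as the patch already does; the status code and Graph's message are enough for triage. isUserInGroup continues outside this hunk.
```javascript
  if (response.status !== 200) {
    // Graph usually returns { error: { code, message } }, but gateway errors and
    // empty bodies are not JSON; the logging path itself must never throw.
    let graphMessage = '';
    try {
      const body = await response.json();
      graphMessage = body?.error?.message ?? '';
    } catch (err) {
      graphMessage = `(unparseable body: ${err.message})`;
    }
    context.log.error('Failed to query graph.microsoft.com with http status code', response.status, 'and message:', graphMessage);
    return false;
  }
```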
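Review bot: The new `openIdIssuer` value `https://login.microsoftonline.com//v2.0` has an empty path segment where the v2.0 issuer carries the tenant id (`https://login.microsoftonline.com/<TENANT_ID>/v2.0`); if the tenant was stripped before committing this is fine, otherwise id-token issuer validation will fail at sign-in. Whatever fills that segment should be the application's own tenant id rather than `common`, because GetRoles derives roles from group membership and a multi-tenant issuer would accept sign-ins from other directories. The replaced `loginParameters` entry requests only `user.read`, while isUserInGroup in the other file queries `/me/memberOf`; per the Graph permission reference that call may also need a group-read delegated scope, so confirm the role lookup still returns 200 after this change instead of silently taking the new `false` path for every role. Dropping `userDetailsClaim` also changes which claim becomes the user's display identity, which deserves a sentence in the commit description.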