Legacy vault replaced auth app-id for appRole

I have
vault auth enable app-id
vault write auth/app-id/map/app-id/APPLICATION_1 value=backend-policy display_name=APPLICATION_1

and now I have in some older vault code this mapping between app-id and user-id:

vault write auth/app-id/map/user-id/${BACKEND_USER} value=APPLICATION_1, APPLICATION_2

where user-id represents userpass

then I have for every APPLICATION

vault write auth/app-id/login/APPLICATION_1 user_id=${BACKEND_USER}

Uhh, I am trying to use new vault which even deprecates app-id for AppRole
so I have enabled again appRole this time. Equivalent command to create roles:

vault write auth/app-id/role/APPLICATION_1="backend-policy"

I can get from it role-id and secret-id for particular role.
How to make mentioned mappings between APPLICATION_1… this time roles and userpass admin?

I have tried something like this

vault write auth/approle/map/userpass/${BACKEND_USER} value=APPLICATION_1
I got route entry not found, as per my understanding mapping its to have some relation between userpass and approle, but if somebody can explain how does it work even better.
I guess that after mapping every backend application will need authenticate through userpass password.

Pleas enlight me on my DevOps way :smiley: