Reputation: 669
Bypassing role based AAD access in Azure?
We have a multi tenant ASP.NET MVC application *.foo.com hosted in Azure. We also have setup approles for this. Here is what I want to achieve:
- Allow users from external tenants to login as long as they are assigned a role defined by us.
- Allow all employees of 'foo' to login irrespective of role assigned, as we don't want to assign every single person a role.
Does anyone know if the requirements above can be met using a single aad app? Only other option I can think of is having 2 aad apps where first one will be a multitenant app for external users and role based while second one will be a single tenant app for internal users.
Any help is appreciated!
Thanks
Upvotes: 0
Views: 190
Answers (1)
Reputation: 27528
You could use one multi tenant app to achieve your two requirements .
Requirement 1 : After user from a different tenant consent the application ,a representation of the application called a service principal is created in the user’s tenant ,you would find the provisioned application under Enterprise applications . Then admin could assign role to users in external tenant :
click on the Users tab. Select any userand assign the user to an Application Role.
Requirement 2 : If you set User assignment required? setting to false , then anyone in current tenant could access the application by default . You could find the setting in Enterprise applications-->Your application -->Properties .
Upvotes: 1
Related Questions
- Permission Based instead of Role Based
- azure role : owner, global administrator AAD
- Enable rbac and aad on existing aks
- Azure RBAC Permission
- How to create custom RBAC/ABAC role in Azure?
- Azure RBAC Custom Roles
- Resource based authorization with Azure AD?
- Azure RBAC Permissions Tree?
- RBAC access in Azure Web App
- Azure Active Directory - Role based Store Manager