Reputation: 87
I need advice: how can I prevent any logins from persons outside the tenant organisation in a Microsoft Graph web app? I have to restrict the web application to my organisation/tenant only. The option availableToOtherTenants is already set to false. Is there a best practice or how-to?
Upvotes: 0
Views: 530
Reputation: 87
I found the error - I was using the URLs https://login.microsoftonline.com/common/oauth2/v2.0/authorize and https://login.microsoftonline.com/common/oauth2/v2.0/token - I changed these two URLs to https://login.microsoftonline.com/my-tenant/oauth2/v2.0/authorize and everything is working as expected - only accounts from my tenant are able to log in. Sorry, my fault.
Upvotes: 0
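The fix in the answer above (tenant-specific endpoints instead of /common) can be enforced in code. This is an added example, not code from the thread, and it goes one step further by also checking the tid and iss claims of the returned ID token. The function names, client id, redirect URI and tenant GUIDs are constructed assumptions.

```python
import re
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
# Shared authorities that accept accounts from more than one tenant.
SHARED_AUTHORITIES = {"common", "organizations", "consumers"}
TENANT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]*$")  # GUID or verified domain

def tenant_endpoints(tenant):
    """Return the v2.0 authorize/token URLs for exactly one tenant."""
    if not TENANT_RE.match(tenant) or tenant.lower() in SHARED_AUTHORITIES:
        raise ValueError(f"not a single-tenant authority: {tenant!r}")
    base = f"{AUTHORITY}/{tenant}/oauth2/v2.0"
    return {"authorize": f"{base}/authorize", "token": f"{base}/token"}

def authorize_url(tenant, client_id, redirect_uri, state):
    """Build the sign-in redirect against the tenant-specific endpoint."""
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "scope": "openid profile",
                       "state": state})
    return f"{tenant_endpoints(tenant)['authorize']}?{query}"

def check_tenant_claims(claims, tenant_id):
    """Check tid and iss of an ID token whose signature is ALREADY verified.

    Assumption: the caller validated signature, audience and expiry with a
    JWT library first; this only adds the tenant restriction on top.
    """
    expected = tenant_id.lower()
    tid = str(claims.get("tid", "")).lower()
    if tid != expected:
        return False, f"tid {tid or '<missing>'} is not the expected tenant"
    iss = str(claims.get("iss", "")).lower().rstrip("/")
    if iss != f"{AUTHORITY}/{expected}/v2.0":
        return False, "issuer does not belong to the expected tenant"
    return True, "ok"

# Constructed sample values, not taken from the thread.
MY_TENANT_ID = "11111111-2222-3333-4444-555555555555"
OTHER_TENANT_ID = "99999999-8888-7777-6666-555555555555"
OWN = {"tid": MY_TENANT_ID, "iss": f"{AUTHORITY}/{MY_TENANT_ID}/v2.0"}
FOREIGN = {"tid": OTHER_TENANT_ID, "iss": f"{AUTHORITY}/{OTHER_TENANT_ID}/v2.0"}

if __name__ == "__main__":
    print(authorize_url("my-tenant", "app-client-id", "https://app.example/cb", "s1"))
    print(check_tenant_claims(OWN, MY_TENANT_ID))
    print(check_tenant_claims(FOREIGN, MY_TENANT_ID))
```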
Reputation: 14649
After you set availableToOtherTenants to false, users from other tenants should not be able to sign in to the application unless those users have been invited to your tenant.
And to limit the specific users we want to allow to access that app, we can enable the User assignment required feature:
Then we need to assign the users through Users and groups of the application under Enterprise applications before the users can access that application.
Upvotes: 0