Reputation: 310
How to lock an Azure web app down to a specific group of users
This should really be a basic question, but I can't find the answer anywhere.
I've got a website that I'm hosting as an Azure Web App. I've created an App Registration and I've associated the Web App with the App. Now, I'm prompted to log on before being allowed to view the web site. So far so good, but I want to lock it down so that only a specific group of users has access to the site.
I go to Enterprise Applications and I give permission the application to certain users/groups. But I can still log into the website as any user in the tenancy.
How do I ensure that only a certain group of users can log into the website?
Upvotes: 2
Views: 4386
Answers (2)
Reputation: 14376
It looks like you've discovered how to assign users and groups to the app (under Enterprise apps, in the Azure portal). These assignments are called "app role assignments". As you've also noticed, by default, app role assignment is not required in order for users to be able to sign in. However, there is a configuration which you can use to require an app role assignment.
In the Azure portal, under Azure Active Directory > Enterprise apps > (choose your app) > Properties:
(Note: Sometimes it takes a few seconds for this option to appear, when you load the Properties blade.)
And if you want to do the same thing with Azure AD PowerShell, you could do something like this:
$appId = "{the app ID}"
$servicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$appId'"
Set-AzureADServicePrincipal -ObjectId $servicePrincipal.ObjectId `
-AppRoleAssignmentRequired $true
Upvotes: 4
Reputation: 1038
Azure Websites integrates with the Role-Based Access Control (RBAC) feature. Enabling RBAC gives you greater control over whom you allow access to your resources and what level of access each person has.
Goto your app -> Access Control (IAM) -> assign roles.
Owner - Has full admin access to the site and can perform all operations.
Contributor – Can deploy code, start/stop the site, swap deployments, delete the site, etc. Cannot change pricing plan or perform some other admin functions.
Reader – Can view the website in the portal, but cannot make any changes to it.
For more details, refer Managing User Access to Specific Sites in the Azure Portal and Use Role-Based Access Control to manage access to your Azure subscription resources.
Hope this helps.
Upvotes: -1
Related Questions
- Restrict App Registration access to a specific group
- How to allow app registration to be accessed only by specific user or group?
- How to allow only few people to login into Azure Web App using AAD?
- How to restrict access of Azure App Service to only users added in user and group setting in Azure Ad?
- Limit AzureAD app access to certain users / groups
- Azure AD how to prevent app users from login into azure portal
- How do I restrict the clients that can access my Azure App Service?
- Restrict which Users are accessible with Azure AD Permissions
- Azure - restrict access to app service only
- Control access to web apps on Azure