Restrict App Registration access to a specific group

Question

I'm building a web app that uses Azure Active Directory has a signin method. In Azure, I'm looking to restrict the access to my app to only a specific group of users. I can't find how to do this in the Azure portal and would appreciate some pointers.

Here's my setup. I want to restraint access of My Application to only users that are members of Group 1.

Answer 1

Although its been a few years since this question was asked, maybe this answer helps someone with the same problem.

I think the best solution would be to follow the steps from this post: https://edi.wang/post/2019/12/13/how-to-allow-only-selected-users-to-access-an-application-in-azure-ad.

Quick summary of the steps after creating the app registration:

1. Go to Azure AD -> Enterprise applications -> YOUR APP -> properties
2. Select Assignment required -> Yes
3. Go to Azure AD -> Enterprise applications -> YOUR APP -> Users and Groups
4. Select the Users and Groups who should be able to login into your app

Answer 2

For a simple single active directory scenario with a paid-for AAD instance (which is what allows you to use groups) you can use the Authentication/Authorization option on the web blade to turn on automatic auth and then use the web app registration to grant the group access. This is a fairly decent write up.

In a multi-tenant scenario you can take the programmatic approach by modifying the app registration manifest file to include security groups and then check membership on the fly as users log in. Here is an official MS sample.