Reputation: 3068
We have a mobile application that uses AAD authentication. We updated the privacy notice recently, and we want all our users to see the new notice.
However, the privacy-notice-seen check happens only during app sign-in. So we want to sign out the users who haven't accepted the latest privacy notice of our application.
We have the list of users to be signed out prepared from our consent DB data.
Is there a REST API for AAD or an AZ-CLI command that lets us pass in a ClientId and UPN and revoke their token?
The closest I encountered is Revoke-AzureADUserAllRefreshToken, but I do not have permission to execute the command.
Upvotes: 0
Views: 2261
Reputation: 646
Here either the user has to manually sign off, or the only other option is to use the PowerShell command to revoke the user's refresh tokens:
Revoke-AzureADSignedInUserAllRefreshToken or Revoke-AzureADUserAllRefreshToken -ObjectId
Or you can get more creative, for example revoking access for all members of a particular group:
C:> Get-AzureADGroup -SearchString CloudSecGrp | Get-AzureADGroupMember | Revoke-AzureADUserAllRefreshToken
You need to have Global administrator rights to execute the command.
Upvotes: 2
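As an added example (not code from the question or the answer), this script drives the cmdlet named in the answer from the UPN list the asker already has, logging the outcome per user. It assumes the AzureAD module is loaded, Connect-AzureAD has been run by an account with sufficient rights, and the CSV (assumed name users.csv) has a UserPrincipalName column.

```powershell
# Added example: revoke refresh tokens for a list of UPNs exported from the
# consent database. Assumes Connect-AzureAD has already been run with an
# account that may call Revoke-AzureADUserAllRefreshToken.
param(
    [Parameter(Mandatory)] [string] $CsvPath,          # e.g. .\users.csv (assumed export)
    [string] $LogPath = ".\revoke-log.csv",            # audit trail of what was done
    [switch] $WhatIf                                   # dry run: resolve users, revoke nothing
)

$rows = Import-Csv -Path $CsvPath

$results = foreach ($row in $rows) {
    $upn = $row.UserPrincipalName
    try {
        # Resolve the UPN to the directory object first; Get-AzureADUser accepts a UPN
        # for -ObjectId, and a typo in the list then fails here instead of silently.
        $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop

        if ($WhatIf) {
            $status = "would-revoke"
        }
        else {
            # Invalidates every refresh token for this user (all applications, not one
            # ClientId); access tokens already issued stay valid until they expire.
            Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId -ErrorAction Stop
            $status = "revoked"
        }
    }
    catch {
        # Keep going for the rest of the list; the log shows who still needs attention.
        $status = "error: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Timestamp         = (Get-Date).ToString("o")
        UserPrincipalName = $upn
        Status            = $status
    }
}

$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Format-Table -AutoSize
```

Run it once with -WhatIf to confirm every UPN resolves before revoking anything. Because only refresh tokens are invalidated, the app sees the forced sign-in at the next token refresh rather than immediately.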