Reputation: 9654
I'm exploring Azure app registration, and when creating this it asks me to choose either of the following options. Is there a way to allow only a specific user or user group to access this app registration?
Upvotes: 1
Views: 8316
Reputation: 426
I think the best solution would be to follow the steps from this post: https://edi.wang/post/2019/12/13/how-to-allow-only-selected-users-to-access-an-application-in-azure-ad.
Quick summary of the steps after creating the app registration:
Cheers
Upvotes: 1
Reputation: 7297
Using role-based access control (RBAC), we can set specific permissions for specific users or groups to access and manage resources.
Thanks to @Alex Simons, check the below workaround to restrict the access to only a specific user or group.
In Azure AD, create a custom role:
Navigate to Azure Portal => Azure AD => Roles and administrators => New custom role
Add the name and description for the custom role. In the Permissions tab, search with the credentials keyword:
microsoft.directory/applications/credentials/update
OR
microsoft.directory/applications.myOrganization/credentials/update
and click on Create to create the new custom role.
We need to assign the created custom role to the app for which we want to restrict the users.
In Azure AD => App registrations => Select your App => Roles and administrators, here you can see the custom role which you have created.
Click on the newly created custom role => Assignments => Add Assignments. Select the user and click on Add.
When I tried to access the application with the account which is not given permission, I got the below error,
and I was able to access the application which I have given permission without any issues.
Output:
Upvotes: 1
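The portal steps in the answer above, scripted with Microsoft Graph PowerShell. This is an added example, not code from the thread; the role name, app display name and user principal name are constructed placeholders, and it assumes the Microsoft.Graph module is installed and the signed-in admin can consent to the listed scopes.

```powershell
# Added example: scripts the custom-role steps from the answer with Microsoft Graph PowerShell.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'Application.Read.All', 'User.Read.All'

# Placeholders constructed for this example; replace with your own values.
$roleName = 'App Credential Manager (example)'
$appName  = 'My Example App'
$userUpn  = 'user@example.com'

# Step 1: create the custom role with the permission named in the answer.
$rolePermissions = @{
    allowedResourceActions = @(
        'microsoft.directory/applications/credentials/update'
    )
}
$role = New-MgRoleManagementDirectoryRoleDefinition `
    -DisplayName $roleName `
    -Description 'Custom role created by example script' `
    -RolePermissions $rolePermissions `
    -TemplateId (New-Guid).Guid `
    -IsEnabled:$true

# Step 2: resolve the app registration and the user; stop if either lookup is ambiguous.
$app  = @(Get-MgApplication -Filter "displayName eq '$appName'")
$user = @(Get-MgUser -Filter "userPrincipalName eq '$userUpn'")
if ($app.Count -ne 1 -or $user.Count -ne 1) {
    throw "Expected exactly one app and one user, found $($app.Count) app(s) and $($user.Count) user(s)."
}

# Step 3: assign the role scoped to this one app registration (its object ID),
# not tenant-wide ('/' alone would cover every app registration).
$scope = '/' + $app[0].Id
New-MgRoleManagementDirectoryRoleAssignment `
    -DirectoryScopeId $scope `
    -PrincipalId $user[0].Id `
    -RoleDefinitionId $role.Id | Out-Null

# Check: list who holds the role and at which scope.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($role.Id)'" |
    Select-Object PrincipalId, DirectoryScopeId
```

Reviewing the final listing periodically shows whether the role has been assigned to more principals, or at a broader scope, than intended.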