
Azure Active Directory - Restrict Application Access to Users or a Group

This article shows how to restrict your app to given users or a group only. Once app registration is done, you can use the Enterprise applications section to provision access to allowed users only, or to users who are members of a group.

Azure AD Group

Azure Active Directory offers a mechanism to use groups to manage access to cloud-based web apps, on-premises apps, and other resources, for example Software as a Service (SaaS) apps, Azure services, SharePoint sites, and on-premises resources.

If you are not familiar with it, see the Angular 8 App With Azure Active Directory Authentication post for the step-by-step registration flow.

Create an Azure AD Group (Security):

  1. Log in to the Azure portal with an administrator account. If you are not an admin, ask your admin team for help (normal users mostly cannot create groups).
  2. Click on the All services item on the main menu or find Azure Active Directory in the left panel.
  3. Choose the directory you are using for the application.
  4. Choose Groups >> New Group.
  5. Set the Group Type to Security.
  6. Provide a meaningful group name.
  7. Under the Members section, add the users you are going to allow to access your application.
  8. Click on the Create button.

How to Configure the Application?

Follow these steps to configure your app:
  1. Log in to the Azure portal with your account (an administrator account is required, but you can get help from your Cloud Admin/DevOps team) or as an owner of the app under Enterprise apps.
  2. Click on the All services item on the main menu or find Azure Active Directory in the left panel.
  3. Choose the directory you are using for the application.
  4. Click on the Enterprise applications tab.
  5. Select your application from the list of applications associated with this directory.
  6. Click the Properties tab.
  7. Change the User assignment required? toggle to Yes.
  8. Click the Save button at the top of the screen.


Assign Group to App


To assign group(s) to an application directly, follow the steps below:

  1. Open the Azure portal and sign in as a Global Administrator or as a non-admin application owner; an assigned Azure AD Premium license is required.
  2. Select "Azure Active Directory" in the left panel to open it.
  3. Click Enterprise Applications in the Azure Active Directory left-hand navigation menu.
  4. Click All Applications to view a list of all your applications, and filter by your app name.
  5. Select the application you want to assign a user to from the list.
  6. Click Users and Groups in the application's left-hand navigation menu.
  7. Click the Add button on top of the Users and Groups list to open the Add Assignment pane (filter by your group name).
  8. Click the Users and groups selector in the Add Assignment pane.
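
A way to verify the result of the configuration and assignment steps above, as an added example that is not part of the original post: the script audits a constructed export, shaped like Microsoft Graph `servicePrincipal` objects with their `appRoleAssignedTo` entries inlined, against a hypothetical per-app policy. The IDs, app names and the `EXPECTED_GROUP` mapping are assumptions for illustration.

```python
import json

# Constructed sample export (placeholder IDs), shaped like Microsoft Graph
# servicePrincipal objects with their appRoleAssignedTo lists inlined.
EXPORT = json.loads("""
[
 {"displayName": "payroll-web", "appRoleAssignmentRequired": true,
  "appRoleAssignedTo": [
   {"principalType": "Group", "principalId": "grp-payroll", "principalDisplayName": "Payroll Users"}]},
 {"displayName": "wiki", "appRoleAssignmentRequired": false,
  "appRoleAssignedTo": [
   {"principalType": "Group", "principalId": "grp-wiki", "principalDisplayName": "Wiki Users"}]},
 {"displayName": "hr-portal", "appRoleAssignmentRequired": true,
  "appRoleAssignedTo": [
   {"principalType": "User", "principalId": "usr-0042", "principalDisplayName": "Test User"},
   {"principalType": "Group", "principalId": "grp-all", "principalDisplayName": "All Staff"}]}
]
""")

# Hypothetical policy: the one security group each app is meant to be limited to.
EXPECTED_GROUP = {"payroll-web": "grp-payroll", "wiki": "grp-wiki", "hr-portal": "grp-hr"}


def audit(sp, expected_group):
    """Return findings for one service principal; an empty list means compliant."""
    findings = []
    if not sp.get("appRoleAssignmentRequired", False):
        # "User assignment required?" left at No: assignments are not enforced at sign-in.
        findings.append("ASSIGNMENT_NOT_REQUIRED")
    assigned_groups = set()
    for a in sp.get("appRoleAssignedTo", []):
        if a["principalType"] == "Group":
            assigned_groups.add(a["principalId"])
        elif a["principalType"] == "User":
            # Direct grant: survives removal of the user from the group.
            findings.append("DIRECT_USER:" + a["principalId"])
    if expected_group not in assigned_groups:
        findings.append("EXPECTED_GROUP_MISSING:" + expected_group)
    for extra in sorted(assigned_groups - {expected_group}):
        findings.append("UNEXPECTED_GROUP:" + extra)
    return findings


def audit_all(export=EXPORT, policy=EXPECTED_GROUP):
    """Audit every exported app against its expected group."""
    return {sp["displayName"]: audit(sp, policy[sp["displayName"]]) for sp in export}


if __name__ == "__main__":
    for app, findings in audit_all().items():
        print(app, "OK" if not findings else findings)
```
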




Grant tenant-wide admin consent to an application:

Admin consent is required because the application reads the user profile on behalf of the user. Only a Global admin can grant admin consent.
Visit MSDN for more information about admin consent.
