I’m exploring azure app registration and when creating this it asks me to choose either of following options. Is there a way to allow only a specific user or user group to access this app registration?
I’m exploring azure app registration and when creating this it asks me to choose either of following options. Is there a way to allow only a specific user or user group to access this app registration?
2
Answers
Using
Role-based access control (RBAC)we can set specific permissions to specific users or groups to access and manage resources.Thanks to @Alex Simons , check the below workaround to restrict the access only for specific user or group.
In Azure AD, Create a Custom Role
Navigate to
Azure Portal=>Azure AD=>Roles and administrators=>New custom roleAdd the name and description for the Custom Role.
In Permissions tab, search with credentials keyword
OR
and click on Create to create new custom role
We need to assign the created custom role to the app which we want to restrict the users.
In Azure AD => App registrations => Select your App => Roles and administrators, here you can see the custom role which you have created
Click on the newly created custom role => Assignments => Add Assignments.Select the user and click on Add.
When I tried to access the Application with the Account which is not given permission, I got the below error
and able to access the application which I have given permission without any issues
OutPut :
I think the best solution would be to follow the steps from this post: https://edi.wang/post/2019/12/13/how-to-allow-only-selected-users-to-access-an-application-in-azure-ad.
Quick summary of the steps after creating the app registration:
Cheers