Introduction
If an app is secured with Azure AD, it is available to every user who authenticates successfully. Often, though, we need to restrict access to specific users. Traditionally this is done inside the application with role checks, but that is a bit complicated.
If we secure an app with Azure AD, we can get this done in a few simple steps. The step-by-step implementation follows.
Step 1
Make sure you have Global Administrator permission in your tenant. If you don’t have this access, send the steps below to a person in your organization who has enough access.
Step 2
Log in to the Azure portal as a Global Administrator. From the user account menu in the Azure top banner, make sure to select the tenant directory where the Azure AD app is registered.
Step 3
In the search bar at the top of the Azure portal, search for “Azure Active Directory”.
Step 4
In the left pane, look for “Enterprise applications”.
Step 5
In the next section, look for the AD application you want. If you don’t find your application, select “All Applications” from the Application Type dropdown and use the other filters to find it.
Step 6
Once you have selected the application, choose “Properties” in the left menu on the next screen, set the “User assignment required” option to “Yes”, and click “Save” to apply the configuration change.
Now we are ready to make user assignments. In the left-hand navigation menu of the application choose “Users and groups”.
Step 8
In the upcoming screen, click “Add user” at the top.
Step 10
It will take you to the next page where you can select the users who can access the app services implemented with this specific Azure AD app authentication.
We can manage authorization for external users in the same way.
Now, when any valid AD user tries to log in to your Azure App Service, the user will be authenticated successfully, but will be authorized to use the application only according to the assignments we configured above.
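The same configuration can be scripted and then verified. The following is an added example, not part of the original article, using the Microsoft Graph PowerShell SDK; the application display name and user principal name are placeholders, and the default-access role ID applies only when the app defines no app roles of its own.

```powershell
# Added example (not from the original article): scripted equivalent of the portal steps.
# Placeholders below are assumptions; replace them with your own values.
$AppName   = '<enterprise-app-display-name>'
$UserUpn   = '<user@your-tenant-domain>'
# Default access role ID, valid only when the app defines no app roles.
# If the app defines roles, use an Id taken from $sp.AppRoles instead.
$AppRoleId = '00000000-0000-0000-0000-000000000000'

Connect-MgGraph -Scopes 'Application.ReadWrite.All',
                        'AppRoleAssignment.ReadWrite.All',
                        'User.Read.All'

# An "Enterprise application" in the portal is a service principal in the tenant.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal named '$AppName', found $($sp.Count)."
}
$sp = $sp[0]

# Step 6: "User assignment required" = Yes
Update-MgServicePrincipal -ServicePrincipalId $sp.Id `
    -BodyParameter @{ appRoleAssignmentRequired = $true }

# Steps 8-10: assign the user, skipping the call if the assignment already exists.
$user = Get-MgUser -UserId $UserUpn
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $user.Id -and $_.AppRoleId -eq $AppRoleId }

if (-not $existing) {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -BodyParameter @{
        principalId = $user.Id    # who gets access
        resourceId  = $sp.Id      # the enterprise application
        appRoleId   = $AppRoleId  # the role granted
    } | Out-Null
}

# Verification: the flag must be True, and the list is everyone who can obtain a token.
$check = Get-MgServicePrincipal -ServicePrincipalId $sp.Id
"User assignment required: $($check.AppRoleAssignmentRequired)"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```

Reviewing the final assignment list periodically shows exactly which users and groups can sign in to the app, which the portal toggle alone does not tell you.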
Conclusion
I hope this article helps you understand how to authenticate and authorize the Azure App Service application with Azure Active Directory. If you have any questions/issues about this article, please let me know in the comments.