User Assignment in Azure App registration-CodePudding

So, I have a WPF application, and I wanted to integrate SSO to it. I successfully made it with "App registration" under Azure.

But now I have a problem, the users under the Azure AD can successfully connect to the app, but I want to specify which users in my AD can access to this app.

I didn't find any way to do this, and I see that in "Enterprise application" we can do so.

I wanted to know if there is any way to do it with "App registration" or if I must switch to use "Enterprise Application" and if so how can I handle the authentication in my WPF app .

In my case I use this to authenticate in the wpf app with "Tenant" and "clientId" from the app registration:

PublicClientApp = PublicClientApplicationBuilder.Create(ClientId)
                .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
                .WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
                .Build();



authResult = await PublicClientApp.AcquireTokenInteractive(scopes)
                           .ExecuteAsync();

CodePudding user response：

The "registered application" is just a notification to the AAD that this application uses AAD for authentication. Once your user logs in, you can check that the user belongs to a security group that is allowed permission to use the application. There may be a better way to do this, but I check in the application itself.

CodePudding user response：

To grant access only for a specific subset of users/groups in Azure AD you should create "Enterprise Application" and assign necessary users/groups to it like in this example.

Also you will need to configure single sign-on (SSO) and ensure that app's "User assignment required" property is enabled. All the steps are described here