Azure Active Directory | Multi-tenant application

Is there a way to limit access to certain tenants when using multi-tenant apps in Azure AD?

Perhaps I have not understood all of this, but my understanding is that a user from another tenant can log into my application after granting consent, and I could not find a way to restrict this to a group of tenants that I trust.

+5

2 answers

We currently do not have an application configuration property that maps to a tenant allow list for a multi-tenant application.

What you can do is build this feature into your application: the auth/JWT token contains the tenant ID (tid) as a claim. You can allow access only to the known tenants in your allow list.

Please let us know if this is a feature you would want to configure on the application configuration page (for example, in the Azure management portal). It would also be great to understand your scenario here.

Hope this helps,

+4

Although this feature is not available today in Azure AD, you can implement this scenario if you add Auth0 to the mix. Auth0 supports multi-tenant Azure AD applications as a connection for your applications, and using the rules mechanism you can write rules that restrict access to a specific application based on the Azure AD tenant.

Here is an example of such a rule (it runs in the Auth0 authentication pipeline, after the user has authenticated with Azure AD and before the user can access your application):

```javascript
function (user, context, callback) {
  // Apply the allow list only to the application that needs it.
  if (context.clientName === 'NameOfTheAppWithWhiteList') {
    var whitelist = ['tenantId1', 'tenantId2']; // authorized Azure AD tenants
    var userHasAccess = whitelist.some(function (tenantId) {
      return tenantId === user.tenantid;
    });
    if (!userHasAccess) {
      return callback(new UnauthorizedError('Access denied.'));
    }
  }
  callback(null, user, context);
}
```

Disclaimer: I work for Auth0.

+2

Source: https://habr.com/ru/post/1215626/
