Forum Discussion
Implementing IAM on apps
- Oct 22, 2021
Hi vasileios666
I have assumed that when you say Azure Native you are talking about an Azure App Service. Let me know if it is something different.
If you are deploying an Azure App Service you typically want to use OAuth or OpenID to authorize your user in the application by their AzureAD account.
To do this, you must register a new 'Application' in AzureAD. This provides the configuration to allow your Web App to authenticate and authorize your users. Against this Application Registration entry, you can create 'App Roles'. Finally, you can assign your users to these 'App Roles'. The App Roles are optional; use them if you want to create finer-grained access levels in Azure AD.
When you configure this on your Azure App Service, you can either set it up in the portal (where every user accessing the App will first be routed to AzureAD to sign in), or you can leave your App as public access and configure an Identity Provider in your application code to protect specific portions of your site.
Shameless plug: I have a Udemy course on consuming Identity Providers if you decide to develop that within your app rather than just switching it on at the App Service resource level.
See:
Configure AzureAD Authentication - Azure App Services
Microsoft Identity Platform for Developers
Good luck,
Omar
- vasileios666, Oct 22, 2021, Copper Contributor
Hi omarmciver,
Thanks a lot for that! I don't want the consumption to be limited to the same Azure AD only but for any Microsoft account (personal, work or otherwise).
- omarmciver, Oct 22, 2021, Brass Contributor
Hi vasileios666,
You can achieve this by following the same steps. While your app registration will need to be inside your own tenant, the scope of users it supports does not.
Here is a link to Sign in any Azure Active Directory user using the multi-tenant application pattern
There are a few tweaks to the config, but you basically use the /common endpoints instead of your tenant endpoints. That way it will work for any Microsoft account.
Here is an example of this in action.
You can also configure this with the no-code authentication and root authorization in the App Service.
Many Thanks
Omar
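Added example (not code from Omar's replies or from Microsoft's samples): the token claim checks an app needs once it follows the steps above and moves from its own tenant endpoints to /common. With /common the Microsoft identity platform still stamps each v2.0 token with the account's actual home tenant in `iss` and `tid`, so the app, rather than the authority URL, decides which tenants it trusts. The example checks that `aud` is the app's own client ID, that `iss` is the v2.0 issuer for the `tid` claim (so the two cannot disagree), optionally that the tenant is on an allowlist, that the token is inside its validity window, and it reads App Roles from the `roles` claim. It assumes the registration's supported account type covers both work/school and personal accounts, and that RS256 signature verification against the tenant's JWKS has already been done by a library such as PyJWT or Microsoft.Identity.Web (not shown). The client ID, the Contoso and "other" tenant IDs, and the tokens are constructed for the example; the consumer tenant ID is the well-known one personal Microsoft accounts appear under.

```python
import base64
import json
import time

# v2.0 tokens name the account's home tenant in the issuer, even when the app
# signed the user in through the /common authorize/token endpoints.
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tid}/v2.0"

# Well-known tenant ID under which personal Microsoft accounts appear in v2.0 tokens.
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"

# Constructed values for this example (not real registrations or tenants).
CLIENT_ID = "00000000-aaaa-bbbb-cccc-000000000001"
CONTOSO_TID = "11111111-2222-3333-4444-555555555555"
OTHER_TID = "66666666-7777-8888-9999-000000000000"
NOW = 1_700_000_000  # fixed "current time" so the example is deterministic


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(payload: dict) -> str:
    """Build a compact JWS with a dummy signature, for offline exercise only.
    A real token is RS256-signed and must be verified against the tenant's JWKS."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(payload).encode())}.c2ln"


def decode_jwt_payload_unverified(token: str) -> dict:
    """Return the payload WITHOUT signature verification. Only hand its output
    to check_claims after a library has verified the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims, client_id, allowed_tenants=None, now=None, skew=300):
    """Claim checks a multi-tenant (/common) app must do itself.
    allowed_tenants=None accepts any tenant ('any Microsoft account');
    a set of tenant IDs restricts sign-in to those tenants.
    Returns (accepted, reason)."""
    now = time.time() if now is None else now

    # 1. Audience: the token must have been minted for THIS app registration.
    aud = claims.get("aud")
    if aud != client_id:
        return False, f"aud mismatch: {aud!r}"

    # 2. Issuer/tenant consistency: iss must be the v2.0 issuer for the tid claim.
    tid = claims.get("tid")
    iss = claims.get("iss")
    if not tid or iss != ISSUER_TEMPLATE.format(tid=tid):
        return False, f"issuer/tenant mismatch: iss={iss!r} tid={tid!r}"

    # 3. Optional tenant allowlist. A /common app that trusts every tenant is
    #    letting any tenant's admin mint users that can reach it.
    if allowed_tenants is not None and tid not in allowed_tenants:
        return False, f"tenant {tid} not allowed"

    # 4. Validity window with a small clock-skew tolerance.
    if claims.get("exp", 0) + skew < now:
        return False, "token expired"
    if claims.get("nbf", 0) - skew > now:
        return False, "token not yet valid"
    return True, "ok"


def has_app_role(claims: dict, role: str) -> bool:
    """App Roles assigned in the registration arrive in the 'roles' claim."""
    return role in claims.get("roles", [])


def _payload(tid, extra=None):
    claims = {"aud": CLIENT_ID, "iss": ISSUER_TEMPLATE.format(tid=tid), "tid": tid,
              "iat": NOW - 60, "nbf": NOW - 60, "exp": NOW + 3600, "sub": "constructed"}
    claims.update(extra or {})
    return claims


# Constructed sample tokens: a work account with an App Role, a personal
# account, and a forged one whose tid disagrees with its issuer.
WORK_TOKEN = make_unsigned_token(_payload(CONTOSO_TID, {"roles": ["Reader"]}))
MSA_TOKEN = make_unsigned_token(_payload(MSA_TENANT_ID))
MISMATCH_TOKEN = make_unsigned_token(_payload(OTHER_TID, {"tid": CONTOSO_TID}))

if __name__ == "__main__":
    for name, tok in [("work", WORK_TOKEN), ("msa", MSA_TOKEN), ("forged", MISMATCH_TOKEN)]:
        claims = decode_jwt_payload_unverified(tok)
        print(name, check_claims(claims, CLIENT_ID, now=NOW), has_app_role(claims, "Reader"))
```

Passing `allowed_tenants={CONTOSO_TID}` turns the same code into the single-tenant behaviour the first reply describes, which is the switch to flip if "any Microsoft account" later turns out to be broader than the app really wants.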