Microsoft Tech Community

Authorize access to web applications using OpenID Connect and Azure Active Directory


I have registered my application with my AD tenant using the following steps:

1. In the Azure Active Directory left menu, select App Registrations, and then select New registration.

2. Gave the application a name and, under supported account types, selected the option "Accounts in this organizational directory only".

3. Provided the Redirect URI.

4. Successfully registered my app and integrated it with Azure AD. I am able to authenticate.

5. The issue is that anyone in my organization can access this app, even though I have added only a limited set of users in the Users and Groups section.

6. I want to restrict my app to a limited set of users only, with permission.

7. How will I do that? My application only supports OpenID authentication. No SAML support.

8. I am implementing Apache Guacamole.

Best response, confirmed by Ashok_Mohanty:
Have you tried going to 'Enterprise Applications', finding your AAD App there and configuring 'User assignment required?' to Yes in Properties?





@Thijs Lecomte Thank you so much for your help. It worked for me. But I am facing another issue. I can see my app in the Azure application list: https://account.activedirectory.windowsazure.com/r#/applications. But when I click on my app, it throws the following error: "You cannot access this application because it has been misconfigured. Contact your IT department and include the following information: Undefined Sign-On URL for application". But when I try my website URL in the browser it works perfectly fine.

Have you configured all the settings in the 'authentication' tab of the app registration?

@Thijs Lecomte I am using "Authorize access to web applications using OpenID Connect and Azure Active Directory":

https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-openid-connect-code

In the Authentication section I have set the following attributes:

1. Redirect URL set properly

2. Implicit grant enabled for Access Tokens and ID Tokens

3. Supported account type:

  • Accounts in this organizational directory only (PerkinElmer Inc. only - Single tenant)

4. Advanced settings:

     Default client type:

     Treat application as a public client.
     Required for the use of the following flows where a redirect URI is not used: No

@Ashok_Mohanty Have you set the Home Page URL in the 'branding' bit of the app registration?
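The two portal fixes in this thread (turning on "User assignment required?" on the Enterprise Application, and setting a Home page URL on the app registration so the My Apps tile has a sign-on URL) can also be applied and verified from the Microsoft Graph PowerShell SDK. The script below is an added example, not code from the thread or from Apache Guacamole; the app ID, the Guacamole URL and the group name are placeholders you would replace with your own, and the scopes are the minimum the used cmdlets need.

```powershell
# Added example (not from the thread): apply and verify the two fixes with the
# Microsoft Graph PowerShell SDK. Run once first if needed:
#   Install-Module Microsoft.Graph -Scope CurrentUser

$AppId        = "00000000-0000-0000-0000-000000000000"  # assumed: Application (client) ID of the registration
$HomePageUrl  = "https://guacamole.example.com/"         # assumed: URL the My Apps tile should open
$AllowedGroup = "Guacamole Users"                        # assumed: security group holding the permitted users

Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All", "Group.Read.All"

# 1. Enterprise Applications -> Properties -> "User assignment required?" = Yes.
#    This flag lives on the service principal, not on the app registration.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# 2. Assign the permitted principals. Once the flag is on, only users or groups
#    with an app role assignment can sign in. An app that defines no app roles
#    uses the default access role, whose id is the empty GUID.
$group = Get-MgGroup -Filter "displayName eq '$AllowedGroup'"
if (-not $group) { throw "Group '$AllowedGroup' not found" }
New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
    -PrincipalId $group.Id -ResourceId $sp.Id -AppRoleId ([Guid]::Empty)

# 3. App registration -> Branding -> Home page URL. Reuse the existing web
#    settings object so the redirect URIs and implicit grant settings are kept.
$app = Get-MgApplication -Filter "appId eq '$AppId'"
if (-not $app) { throw "No app registration found for appId $AppId" }
$web = $app.Web
$web.HomePageUrl = $HomePageUrl
Update-MgApplication -ApplicationId $app.Id -Web $web

# 4. Verify: the flag is set, and the assignment list is exactly who you expect.
$sp = Get-MgServicePrincipal -ServicePrincipalId $sp.Id -Property "appRoleAssignmentRequired"
"User assignment required: $($sp.AppRoleAssignmentRequired)"
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime
```

The "User assignment required" check is enforced by Azure AD when it issues the token, before the OpenID Connect response ever reaches the application, which is why it works for an OpenID-only app such as Guacamole that has no SAML or application-side assignment logic of its own. Assigning a group rather than individual users keeps the allow list reviewable in one place; step 4 is the review.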

The issue resolved now. Thanks for your help.
