Authorize access to web applications using OpenID Connect and Azure Active Directory


I have registered my application with the AD tenant with the following steps:

1. In the Azure Active Directory left menu, select App Registrations, and then select New registration.

2. Gave the application name and, under Supported account types, selected the option "Accounts in this organizational directory only".

3. Provided Redirect URI.

4. Successfully registered my app and integrated it with Azure AD. I am able to authenticate.

5. The issue is that anyone in my organization can access this app even though I have added limited users in the Users and Groups section.

6. I want to restrict my app to limited users only with permission.

7. How will I do that? My application only supports OpenID authentication. No SAML support.

8. I am implementing Apache Guacamole.

best response confirmed by Ashok_Mohanty (New Contributor)
Have you tried going to 'Enterprise Applications', finding your AAD App there and configuring 'User assignment required?' to Yes in Properties?
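
The setting named in this reply can also be applied and verified from PowerShell. This is an added example, not part of the original thread: it assumes the Microsoft.Graph PowerShell module is installed, and `$AppId` is a placeholder for the Application (client) ID of your own app registration. It turns on the same switch as 'User assignment required?' and then lists who is actually assigned, since entries under Users and Groups only restrict sign-in once that switch is on.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
# $AppId is a placeholder: use the Application (client) ID of your app registration.
$AppId = '00000000-0000-0000-0000-000000000000'

Connect-MgGraph -Scopes 'Application.ReadWrite.All' | Out-Null

# The Enterprise Application is the service principal behind the app registration.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }

"Before: AppRoleAssignmentRequired = $($sp.AppRoleAssignmentRequired)"

# Same switch as Enterprise Applications > Properties > 'User assignment required?' = Yes.
if (-not $sp.AppRoleAssignmentRequired) {
    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
}

# Re-read the object to confirm the change was stored.
$sp = Get-MgServicePrincipal -ServicePrincipalId $sp.Id
"After:  AppRoleAssignmentRequired = $($sp.AppRoleAssignmentRequired)"

# Audit: with assignment required, only these users and groups can obtain tokens.
$assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
if (-not $assigned) {
    Write-Warning 'Assignment is required but nothing is assigned: no user can sign in.'
}
$assigned |
    Sort-Object PrincipalType, PrincipalDisplayName |
    Format-Table PrincipalDisplayName, PrincipalType, CreatedDateTime
```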

@Thijs Lecomte Thank you so much for your help. It worked for me. But I am facing another issue. I can see my app in the Azure application list. But when I click on my app, it throws the following error: "You cannot access this application because it has been misconfigured. Contact your IT department and include the following information: Undefined Sign-On URL for application". But when I try my website URL in the browser, it works perfectly fine.

Have you configured all the settings in the 'authentication' tab of the app registration?

@Thijs Lecomte I am using Authorize access to web applications using OpenID Connect and Azure Active Directory

In the Authentication section I have set the following attributes:

1. Redirect URL set properly

2. Implicit grant enabled for Access Tokens and ID Tokens

3. Supported Account Type:

  • Accounts in this organizational directory only (PerkinElmer Inc. only - Single tenant)

4. Advanced Settings:

     Default Client Type:

     Treat application as a public client.
     Required for the use of the following flows where a redirect URI is not used: NO



Have you set the Home Page URL in the 'branding' bit of the app registration?

The issue is resolved now. Thanks for your help.