1
votes

Quick question with regard to App registration vs Enterprise applications, in order to control who can access a custom developed application:

  • When one registers a new app in the App registration blade and selects organizational directory only, Azure does not allow restricting this app to a few select users and/or groups within this tenant; with this, the approach is to solve this within the app, by using the exposed claims (groups, app roles, etc.). Correct?
  • When one registers the same app by using the Enterprise applications blade, the users and groups and also the conditional access features can be used in order to restrict who can access the app. Correct?

1 Answer

1
votes

You can restrict access to custom apps in the same way. An "enterprise application" aka service principal is always created for app registrations. If you open the app registration, you can click "Managed application in local directory" to navigate to the service principal.

That's this link in the bottom right of the image:

[Image: Link to managed application in local directory on overview page of app registration]

From there you can decide which users should be allowed to log in etc.
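The same restriction can be scripted against the service principal. The following is an added example, not part of the original answer: it uses the Microsoft Graph PowerShell SDK, the application ID and group name are placeholders, and picking the first user-assignable app role is an assumption made for illustration.

```powershell
# Added example: require assignment on the service principal behind an app
# registration, then allow one group. Placeholder values are constructed.
$appId     = '<application-client-id>'        # placeholder: Application (client) ID
$groupName = '<security-group-display-name>'  # placeholder: group allowed to sign in

Connect-MgGraph -Scopes 'Application.ReadWrite.All','AppRoleAssignment.ReadWrite.All','Group.Read.All'

# The service principal ("enterprise application") created for the app registration.
$sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
if (-not $sp) { throw "No service principal found for appId $appId in this tenant." }

# Equivalent of setting "Assignment required?" to Yes in the portal:
# only assigned users and groups can obtain tokens for the app.
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# Resolve the group; wrap in @() so zero results yield an empty array, not $null.
$groups = @(Get-MgGroup -Filter "displayName eq '$groupName'")
if ($groups.Count -ne 1) { throw "Expected exactly one group named '$groupName', found $($groups.Count)." }
$group = $groups[0]

# An app with no app roles uses the all-zero default role ID. If the app
# defines user-assignable roles, one of them must be used instead
# (assumption for this example: take the first enabled one).
$roleId = [Guid]::Empty.ToString()
$userRoles = @($sp.AppRoles | Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' })
if ($userRoles.Count -gt 0) { $roleId = "$($userRoles[0].Id)" }

# Create the assignment only if it is not already present.
$existing = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Where-Object { $_.PrincipalId -eq $group.Id -and "$($_.AppRoleId)" -eq $roleId }
if (-not $existing) {
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
        -PrincipalId $group.Id -ResourceId $sp.Id -AppRoleId $roleId | Out-Null
}

# Review who is currently allowed to sign in to the app.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```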