I have been looking all around for documentation and information regarding Azure AD multi-tenant applications with regard to who is using my application.
In Azure AD, I created an app registration and chose 'Accounts in any organizational directory (Any Azure AD directory - Multitenant)'. I do not see any way to specify which tenants I do want to allow.
I am using Application Permissions, which require Admin Consent to use the app, so a Global Administrator from each tenant would have to grant consent. However, I do not see any way to look into my app and see which tenant granted consent.
Background: I have built an application that does a user directory search across two tenants. Regardless of which user logs in from either tenant, they can search for users across both. I have App Registrations set up in both tenants with client secrets to get access tokens to search each directory.
Since my directory is hosting the app to log in, each tenant needs to grant admin consent to use the app. I am trying to make sure any other tenant outside of our two tenants cannot grant consent and use our app too.
- Is there a way to restrict which tenants are allowed to use my app?
- Is there a way to look into which tenants did allow my app?
- If another org were to get ahold of my client id and grant consent, am I able to do anything to prevent them from using it?
- Can I set up notifications if another org grants consent to my app?
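One defensive control that addresses the first and third questions, as an added example that is not the poster's code: after the app has verified the token's signature, audience and expiry with a JWT library (assumed to happen elsewhere), it checks the token's `tid` claim against an allowlist of tenant IDs and requires the `iss` claim to agree with that tenant, so a consent granted by an unexpected tenant never yields a usable session. The tenant GUIDs and the token builder below are constructed placeholders.

```python
import base64
import json

# Tenants allowed to use the app. Constructed placeholder GUIDs; in practice
# these come from the app's configuration, never from the token itself.
ALLOWED_TENANTS = {
    "11111111-1111-1111-1111-111111111111",  # tenant A (placeholder)
    "22222222-2222-2222-2222-222222222222",  # tenant B (placeholder)
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token: str) -> dict:
    """Extract the payload claims of a compact JWS token.

    This does NOT verify the signature. Signature, audience and expiry checks
    are assumed to have been done already by a JWT library; this helper only
    exposes the claims so the tenant check can run on them."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    return json.loads(_b64url_decode(parts[1]))


def expected_issuer(tid: str) -> str:
    # Issuer format for Azure AD v2.0 tokens; v1.0 tokens use
    # https://sts.windows.net/{tid}/ instead.
    return f"https://login.microsoftonline.com/{tid}/v2.0"


def tenant_is_allowed(claims: dict, allowed=ALLOWED_TENANTS) -> bool:
    """Allow only tokens whose tenant is on the allowlist and whose issuer
    matches that tenant, so a mismatched tid/iss pair is rejected too."""
    tid = claims.get("tid")
    if not tid or tid not in allowed:
        return False
    return claims.get("iss") == expected_issuer(tid)


def make_sample_token(claims: dict) -> str:
    # Builds a constructed token with an empty signature, for demonstration only.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}."
```

Tokens from tenants outside the allowlist are rejected before any directory search runs, which is the check the multi-tenant registration itself does not provide.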