Azure App service authentication using AD login

Azuretech 80 Reputation points
2023-05-10T15:59:25.0366667+00:00

We have created one app service (running locally at the moment), and will deploy it in Azure.

Also, we have created an app registration to access it, which is pointing as below.

But when we try to open the URL, it's asking for justification and approval as below.

Who can approve it?

Could you please let us know what the recommended process is so that AD users can access the app using their AD authentication?

Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

1 answer

  1. ajkuma 15,191 Reputation points Microsoft Employee
    2023-05-11T10:58:22.53+00:00

    @Azuretech ,

    Based on my understanding of your scenario, it seems that you have created an Azure AD app registration and configured it to require approval for user consent. This means that when a user tries to access your app, they will be prompted to provide a justification for why they need to access the app, and the request will need to be approved by an administrator before the user can access the app.

    Just to clarify, are you the owner/admin of the subscription?

    Have you tried the steps outlined in these docs:

    Tutorial: Add app authentication to your web app running on Azure App Service
    Configure your App Service or Azure Functions app to use Azure AD login (see Option 1 and Option 2)

    To allow AD users to access your app using their AD authentication without requiring approval for user consent, you can follow these steps:

    Remove the requirement for user consent approval: In the Azure portal, go to your app registration and navigate to the "Authentication" section. Under "User consent settings", set "User can consent to apps accessing company data on their behalf" to "Yes". This will remove the requirement for user consent approval.

    Configure your app to use Azure AD authentication and grant permissions to your app: In the Azure portal, go to your app registration and navigate to the "API permissions" section. Add the required permissions for your app to access the necessary resources in Azure AD.

    Also, make sure that your app is configured to use the correct Azure AD tenant. You can specify the tenant ID in your app's configuration or use the default tenant for your Azure subscription.

    Example:

    1. For App registration > Supported account types, select Current tenant-single tenant.

    2. To allow accounts from other tenants, change the 'Issuer URL' to 'https://login.microsoftonline.com/common/v2.0' by editing your 'Identity Provider' from the 'Authentication' blade.

    For more info, please check out: Authentication and authorization in Azure App Service and Azure Functions

    Kindly let me know, I'll follow up further. Thanks!

    1 person found this answer helpful.
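With the Issuer URL set to the `common` endpoint as in step 2 of the answer, accounts from other tenants can sign in, so the application itself has to decide which tenants it accepts. The following is an added example, not part of the original thread: it assumes App Service authentication passes the signed-in user's claims in the `X-MS-CLIENT-PRINCIPAL` request header as base64-encoded JSON; the function names, the tenant IDs and the sample header are constructed for illustration.

```python
import base64
import json

# Claim types under which the tenant ID may appear (assumption: accept both
# the short "tid" form and the URI form).
TENANT_CLAIM_TYPES = {
    "tid",
    "http://schemas.microsoft.com/identity/claims/tenantid",
}
# Constructed placeholder tenant ID, not a real directory.
ALLOWED_TENANTS = {"11111111-1111-1111-1111-111111111111"}


def tenant_from_principal(header_value):
    """Return the tenant ID from an X-MS-CLIENT-PRINCIPAL value, or None."""
    # Only meaningful when the platform injects the header; an app running
    # locally without App Service authentication must not trust it.
    if not header_value:
        return None
    try:
        principal = json.loads(base64.b64decode(header_value, validate=True))
    except (ValueError, TypeError):
        return None  # not base64, not UTF-8, or not JSON
    claims = principal.get("claims") if isinstance(principal, dict) else None
    if not isinstance(claims, list):
        return None
    tenants = {
        c["val"] for c in claims
        if isinstance(c, dict) and c.get("typ") in TENANT_CLAIM_TYPES
        and isinstance(c.get("val"), str)
    }
    # Require exactly one tenant value; missing or conflicting claims fail.
    return tenants.pop() if len(tenants) == 1 else None


def is_allowed(header_value, allowed=ALLOWED_TENANTS):
    """Fail closed: True only for a parsable principal from a listed tenant."""
    tid = tenant_from_principal(header_value)
    return tid is not None and tid.lower() in allowed


def sample_header(tenant_id):
    """Build a constructed header value for demonstration."""
    claims = [{"typ": "http://schemas.microsoft.com/identity/claims/tenantid",
               "val": tenant_id},
              {"typ": "name", "val": "user@example.com"}]
    body = json.dumps({"auth_typ": "aad", "claims": claims})
    return base64.b64encode(body.encode()).decode()
```
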