How to limit access to a web app domain (http://www.website.com) to a only certain users or group in a company?

Question

How to limit access to a web app domain (http://www.website.com) to a only certain users or group in a company?

Lacy 20

The company has set up an App Service (web app) in Azure. To authenticate to the web app, a identity provider is already set up for the people in the company.

Role base access control (RBAC) is already implemented so that only certain users can make changes in the resource. However, the RBAC does not seem to apply to the web app domain and everyone in the company are still able to enter the link. I only want a certain group of people in the company to have access to the web app domain, how can I achieve that?

Dr. S. Gomathi 700 Reputation points MVP

2023-08-12T06:34:48.8133333+00:00

Hi Lacy,

It appears that you are working with Azure's web app access control. This is how it goes:

The web app requires users to check in before they can use it. Typically, this is carried out using their account and password from their employer.

Who May Utilize What:

Anyone who logs in does not automatically have access to all of the app's features. Imagine them like several rooms in a building. Some people might have the keys to every room, while others might only be able to access a few. Similar to this, your app limits what each user may do according to their group or job.

Setting the Rules: You establish rules to determine who is allowed to do what. Someone may have access to particular areas of the app if they are a manager. They may only be able to use a few features if they are not a manager. If there were any restrictions on who could utilise a feature, they would be those.

Check to see if the rules you've set up in the app are truly carrying out their intended functions.

Checking the Key Cards Again: In certain cases, the keys that users are using to enter the building rather than the programme itself are the issue. People might be using the wrong key if they are still entering when they shouldn't be. The "key" in this situation is their affiliation with the company. It can be necessary to confirm that only the proper individuals has the proper keys.

Making Certain That Everything Clicks: It resembles putting together a puzzle in some ways. Make sure that every component fits together precisely. You'll need to identify the offending element and alter it if something doesn't fit, such as everyone entering when they shouldn't.

Hope this helps.

Regards,

Dr. Gomathi
ajkuma 27,946 Reputation points Microsoft Employee

2023-08-16T05:58:48.86+00:00

@Lacy , Just checking in to see if you had got a chance to see the previous response. If the answer helped (pointed, you in the right direction) > please click Accept Answer Or please share the requested/more info to help you better.

Accepted answer

0 additional answers

Your answer

Dr. S. Gomathi 700 Reputation points MVP

2023-08-12T06:34:48.8133333+00:00

Hi Lacy,

It appears that you are working with Azure's web app access control. This is how it goes:

The web app requires users to check in before they can use it. Typically, this is carried out using their account and password from their employer.

Who May Utilize What:

Anyone who logs in does not automatically have access to all of the app's features. Imagine them like several rooms in a building. Some people might have the keys to every room, while others might only be able to access a few. Similar to this, your app limits what each user may do according to their group or job.

Setting the Rules: You establish rules to determine who is allowed to do what. Someone may have access to particular areas of the app if they are a manager. They may only be able to use a few features if they are not a manager. If there were any restrictions on who could utilise a feature, they would be those.

Check to see if the rules you've set up in the app are truly carrying out their intended functions.

Checking the Key Cards Again: In certain cases, the keys that users are using to enter the building rather than the programme itself are the issue. People might be using the wrong key if they are still entering when they shouldn't be. The "key" in this situation is their affiliation with the company. It can be necessary to confirm that only the proper individuals has the proper keys.

Making Certain That Everything Clicks: It resembles putting together a puzzle in some ways. Make sure that every component fits together precisely. You'll need to identify the offending element and alter it if something doesn't fit, such as everyone entering when they shouldn't.

Hope this helps.

Regards,

Dr. Gomathi
ajkuma 27,946 Reputation points Microsoft Employee

2023-08-16T05:58:48.86+00:00

@Lacy , Just checking in to see if you had got a chance to see the previous response. If the answer helped (pointed, you in the right direction) > please click Accept Answer Or please share the requested/more info to help you better.

Answer 1

@Lacy ,

Based on your scenario description, you want to have only a few users be able to access the Azure WebApp (with custom domain) in your Azure AD tenant.

In this case, based on your requirement, to limit access to your web app domain to only certain users or groups in your company, you may use Azure Active Directory (Azure AD) to authenticate and authorize users instead of RBAC roles. Here are the high-level steps to achieve this:

1. Configure your web app to use Azure AD for authentication.

2. Create a security group in Azure AD for the users who should have access to the web app.

3. Configure your web app to use Azure AD for authorization and restrict access to the security group.

With these steps, only the users who are members of the security group you created will be able to access your web app domain. Other users in your company will be denied access.

Authentication and authorization in Azure App Service and Azure Functions

Kindly let us know how it goes, we will follow-up further.

If the answer helped (pointed, you in the right direction) > please click Accept Answer

Lacy 20 Reputation points

2023-08-16T07:16:55.89+00:00

Thanks, it lead me to the right direction! I also found this to be helpful Update the app to require user assignment.
ajkuma 27,946 Reputation points Microsoft Employee

2023-08-16T09:07:21.79+00:00

Glad you found the information helpful. Thanks for the update, Lacy.

Share via

How to limit access to a web app domain (http://www.website.com) to a only certain users or group in a company?

0 additional answers

Your answer