![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 84%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
25,081 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 0%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hi @Nethra Shree ,
Thank you for reaching out the QnA community forum.
Enabling SSO:
To enable SSO for an application:
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Identity > Applications > Enterprise applications > All applications.
- Enter the name of the existing application in the search box, and then select the application from the search results. For example, Microsoft Entra SAML Toolkit 1.
- In the Manage section of the left menu, select Single sign-on to open the Single sign-on pane for editing.
- Select SAML to open the SSO configuration page. After the application is configured, users can sign in to it by using their credentials from the Microsoft Entra tenant.
- The process of configuring an application to use Microsoft Entra ID for SAML-based SSO varies depending on the application. For any of the enterprise applications in the gallery, use the configuration guide link to find information about the steps needed to configure the application.
Restricting applications to specific users:
To update an application to require user assignment, you must be owner of the application under Enterprise apps, or be at least a Cloud Application Administrator.
- Sign in to the Microsoft Entra admin center.
- If you have access to multiple tenants, use the Directories + subscriptions filter
in the top menu to switch to the tenant containing the app registration from the Directories + subscriptions menu.
- Browse to Identity > Applications > Enterprise applications, then select All applications.
- Select the application you want to configure to require assignment. Use the filters at the top of the window to search for a specific application.
- On the application's Overview page, under Manage, select Properties.
- Locate the setting Assignment required? and set it to Yes. When this option is set to Yes, users and services attempting to access the application or services must first be assigned for this application, or they won't be able to sign-in or obtain an access token.
- Select Save on the top bar.
Once you've configured your app to enable user assignment, you can go ahead and assign the app to users and groups.
- Under Manage, select the Users and groups then select Add user/group.
- Select the Users selector.
A list of users and security groups are shown along with a textbox to search and locate a certain user or group. This screen allows you to select multiple users and groups in one go.
- Once you're done selecting the users and groups, select Select.
- (Optional) If you have defined app roles in your application, you can use the Select role option to assign the app role to the selected users and groups.
- Select Assign to complete the assignments of the app to the users and groups.
- Confirm that the users and groups you added are showing up in the updated Users and groups list.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information