Azure groups for authorisation / authorization

Richard Scannell 426 Reputation points
2024-03-12T12:10:39.2533333+00:00

How can I use Azure AD groups to grant access to an MVC application in Azure AD? For example, is there somewhere in the App registration where I can state that an authenticated user (******@MyDomain.com) needs to be a member of AAD group 'X' in order to access the application, and that membership of AAD group 'Y' is needed to have the custom 'MyAppEditor' role?

I have seen tutorials based on local administration of roles, but I'd like, if possible, to add the claims (& have the admin) via AAD.


Accepted answer
  1. Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
    2024-03-13T14:34:15.52+00:00

    Hi @Richard Scannell

    Thank you for reaching out to the community forum!

    Regarding your query, I understand that you would like to add users and groups to access the application, and that membership of another Azure AD group is needed to have a custom role.

    To control access to the application, you can assign users and groups to the application. For more information, please refer to Manage users and groups assignment to an application.

    Coming to the custom role for group membership, you can create and assign a custom role to your required users or groups; this way, the group members will have the custom role assigned.

    On the other point, about adding the claims: yes, it is possible to add claims via Entra ID (AAD) to achieve this.

    • Sign in to the Microsoft Entra admin center.
    • Browse to Identity > Applications > App registrations.
    • Choose the application for which you want to configure optional claims.
    • Under Manage, select Token configuration.
    • Select Add optional claim.
    • Select the token type you want to configure.
    • Select the optional claims to add.
    • Select Add.

    For information, please refer to: Configure optional claims.

    Reference: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-enterprise-apps

    https://stackoverflow.com/questions/48272345/application-access-permission-via-app-registrations-users-and-groups-azure-act

    https://stackoverflow.com/questions/77946716/grant-access-to-a-specific-group-in-azure-ad-for-an-application-is-not-working

    Thanks,
    Akhilesh.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
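
How the application side can enforce the two requirements from the question once the claims arrive in the token, as an added example that is not part of the original thread and not Microsoft's code. It assumes the token carries a `groups` claim holding group object IDs and a `roles` claim holding the app role assigned to group 'Y'; the group ID, class name and method names are constructed placeholders.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class GroupAuthorization
{
    // Constructed placeholder: replace with the Object ID of AAD group 'X'.
    public const string GroupXObjectId = "00000000-0000-0000-0000-000000000001";
    public const string EditorRole = "MyAppEditor"; // app role name from the question

    // True when Entra ID left the group list out of the token (groups overage).
    // In that case "groups" is absent and "_claim_names" or "hasgroups" appears.
    public static bool GroupsOmitted(ClaimsPrincipal user) =>
        user.HasClaim(c => c.Type == "_claim_names" || c.Type == "hasgroups");

    // Gate for the whole application: membership of group 'X'.
    public static bool CanAccessApp(ClaimsPrincipal user)
    {
        if (user.Identity?.IsAuthenticated != true) return false;
        if (GroupsOmitted(user)) return false; // fail closed; look membership up via Microsoft Graph
        return user.HasClaim(c => c.Type == "groups" &&
            string.Equals(c.Value, GroupXObjectId, StringComparison.OrdinalIgnoreCase));
    }

    // Editor gate: the app role assigned to group 'Y' arrives as a "roles" value.
    // Some handlers map "roles" to ClaimTypes.Role, so accept either claim type.
    public static bool IsEditor(ClaimsPrincipal user) =>
        CanAccessApp(user) && user.HasClaim(c =>
            (c.Type == "roles" || c.Type == ClaimTypes.Role) && c.Value == EditorRole);

    public static void Main()
    {
        // Constructed sample claims standing in for a validated ID token.
        var editor = new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim("groups", GroupXObjectId),
            new Claim("roles", EditorRole) }, "AzureAD"));
        var overage = new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim("_claim_names", "{\"groups\":\"src1\"}"),
            new Claim("roles", EditorRole) }, "AzureAD"));

        Console.WriteLine($"editor:  access={CanAccessApp(editor)} editor={IsEditor(editor)}");
        Console.WriteLine($"overage: access={CanAccessApp(overage)} editor={IsEditor(overage)}");
    }
}
```

The overage case is the one to watch: a user in many groups gets a token with no `groups` list, so a check that only looks for the group ID would deny a legitimate member unless the application resolves membership separately.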
