How to restrict user login limited to specific domain. (for ex: microsoft.com)

Jyoti Tumsare 1 Reputation point
2020-06-17T14:15:19.663+00:00

Hi,

I want to restrict users so that they must log in only with the .microsoft.com domain name.

He/She should not log in with another domain name.

Is there any API/SDK for the same?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

4 answers

  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2020-06-17T14:24:49.897+00:00

    Hello @JyotiTumsare-6484

    For this purpose, you need to configure tenant restriction via your proxy device. You need to configure your proxy device to inject Restrict-Access-To-Tenants: <permitted tenant list> to the header of your data, and Azure AD will only issue tokens for the tenants in the permitted tenants list. You can test this solution using the Fiddler tool as well. Please find below the document for more details:

    https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions


    Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.

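Added example (not part of the thread and not Microsoft's code): the header-injection decision the first answer describes, written as a proxy-side function. It assumes the proxy already terminates TLS, and it follows the linked tenant-restrictions document in also sending Restrict-Access-Context and in applying the headers to the three sign-in hosts; the function name, config shape and tenant values are made up for illustration.

```javascript
// Sign-in hosts that must receive the tenant-restriction headers
// (per the linked tenant-restrictions document).
const TR_HOSTS = new Set([
  "login.microsoftonline.com",
  "login.microsoft.com",
  "login.windows.net",
]);
const TR_HEADERS = ["restrict-access-to-tenants", "restrict-access-context"];

// Hypothetical helper: returns the header set the proxy should forward.
//   config.permittedTenants: tenant domains or directory IDs allowed to issue tokens
//   config.contextTenantId:  directory ID of the tenant that sets the restriction
function applyTenantRestrictions(host, headers, config) {
  const out = {};
  // Drop client-supplied copies (any casing) so a client cannot widen the list.
  for (const [name, value] of Object.entries(headers)) {
    if (!TR_HEADERS.includes(name.toLowerCase())) out[name] = value;
  }
  // Normalise "Host:port" and a trailing dot before matching.
  const h = host.toLowerCase().replace(/:\d+$/, "").replace(/\.$/, "");
  if (!TR_HOSTS.has(h)) return out; // other traffic passes without the headers
  // Fail closed: never forward a sign-in request without a complete policy.
  if (!config.permittedTenants.length || !config.contextTenantId) {
    throw new Error("tenant restriction config incomplete; refusing to forward");
  }
  out["Restrict-Access-To-Tenants"] = config.permittedTenants.join(",");
  out["Restrict-Access-Context"] = config.contextTenantId;
  return out;
}

// Constructed sample values, not real tenants.
const SAMPLE_CONFIG = {
  permittedTenants: ["contoso.onmicrosoft.com", "fabrikam.onmicrosoft.com"],
  contextTenantId: "00000000-0000-0000-0000-000000000000",
};
const SAMPLE_REQUEST_HEADERS = {
  Accept: "text/html",
  "restrict-access-to-tenants": "other-tenant.example", // client-supplied, must be dropped
};

console.log(
  applyTenantRestrictions("login.microsoftonline.com:443", SAMPLE_REQUEST_HEADERS, SAMPLE_CONFIG)
);
```

Missing one of the three hosts, or forwarding a client-supplied copy of the header, leaves a sign-in path that the permitted tenant list does not cover.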

  2. Rohit Gavfale 16 Reputation points
    2020-06-18T11:47:22.063+00:00

    Hello @ I have used the NodeJS Quickstart Application for Single Sign-On. [image: 10373-nodejs.png]

    This redirects me to the Microsoft login.

    [image: 10323-microsoft-login.png] This allows me to log in with every domain, for example click2cloud.net and many more, but I just want to log in with only the @microsoft.com domain.

    How can I restrict it to the specific domain? Please help us with the same.

    I follow the docs below, is it helpful?

    [image: 10324-specific-domain.png]


  3. Santhosh kumar 1 Reputation point
    2021-09-17T07:33:29.113+00:00

    @AmanpreetSingh-MSFT The Restrict-Access-To-Tenants header is not working as expected. I am using Fiddler to test the behaviour and it's allowing me to enter a user with a domain name other than the ones specified in the Restrict-Access-To-Tenants header.

    Can you please help on the same?


  4. Santhosh kumar 1 Reputation point
    2021-09-17T07:35:57.767+00:00

    @AmanpreetSingh-MSFT I am using my organization's Azure AD for multi-tenant Microsoft login and created a multi-tenant app registration for the same. The requirement is to allow users from only a few domains to log in. Like I mentioned in the above comment, it's not working as expected.
