Automatically Adding Users to Security Groups based on Sign In

Jinki Lee 100 Reputation points
2026-07-02T16:58:58.58+00:00

In our Entra External ID tenant, we support customers from two different business units, each with its own application and login page. We would like to classify users and assign them to security groups based on the application they use to sign in.

For example:

abc.domain.com = customer belongs to the “abc” business unit

xyz.domain.com = customer belongs to the “xyz” business unit

Some customers may sign in to both applications, in which case they would belong to both business units.

What is the recommended approach or best practice for handling this scenario? Should we use a Function App to add users to the appropriate security groups after a successful sign-in (based on the App Registration Client ID)?

User's image

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.