Automatically Adding Users to Security Groups based on Sign In
In our Entra External ID tenant, we support customers from two different business units, each with its own application and login page. We would like to classify users and assign them to security groups based on the application they use to sign in.
For example:
abc.domain.com = customer belongs to the “abc” business unit
xyz.domain.com = customer belongs to the “xyz” business unit
Some customers may sign in to both applications, in which case they would belong to both business units.
What is the recommended approach or best practice for handling this scenario? Should we use a Function App to add users to the appropriate security groups after a successful sign-in (based on the App Registration Client ID)?
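The approach the question asks about, sketched as an added example that is not part of the original post: map each app registration client ID to a security group and add the signed-in user through the Microsoft Graph `POST /groups/{id}/members/$ref` call. The GUIDs, the sample records and the `send` transport are assumptions; the records are shaped like Graph `signIn` entries (`appId`, `userId`, `status.errorCode`).

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed placeholders: app registration client ID -> security group object ID.
APP_TO_GROUP = {
    "11111111-1111-1111-1111-111111111111": "aaaaaaaa-0000-0000-0000-00000000000a",  # abc
    "22222222-2222-2222-2222-222222222222": "bbbbbbbb-0000-0000-0000-00000000000b",  # xyz
}

# Constructed sample sign-in records (not real log data).
SAMPLE_SIGN_INS = [
    {"appId": "11111111-1111-1111-1111-111111111111", "userId": "user-1", "status": {"errorCode": 0}},
    {"appId": "22222222-2222-2222-2222-222222222222", "userId": "user-1", "status": {"errorCode": 0}},
    {"appId": "11111111-1111-1111-1111-111111111111", "userId": "user-2", "status": {"errorCode": 50126}},
    {"appId": "33333333-3333-3333-3333-333333333333", "userId": "user-2", "status": {"errorCode": 0}},
    {"appId": "11111111-1111-1111-1111-111111111111", "userId": "user-1", "status": {"errorCode": 0}},
]

def membership_request(group_id, user_id):
    """Build the Graph 'add member' call for one user and one group."""
    body = {"@odata.id": f"{GRAPH}/directoryObjects/{user_id}"}
    return "POST", f"{GRAPH}/groups/{group_id}/members/$ref", json.dumps(body)

def sync_groups(sign_ins, send):
    """Add each successfully signed-in user to the group mapped to the app used.

    send is a hypothetical transport: send(method, url, body) -> (http_status, text).
    It must attach a token that is permitted to manage group membership.
    Returns the (group_id, user_id) pairs that were newly added.
    """
    handled, added = set(), []
    for event in sign_ins:
        if event.get("status", {}).get("errorCode") != 0:
            continue  # a failed sign-in must never grant membership
        pair = (APP_TO_GROUP.get(event.get("appId")), event.get("userId"))
        if None in pair or pair in handled:
            continue  # unmapped app or missing user: fail closed; repeat: skip
        status, text = send(*membership_request(*pair))
        if status == 204:
            added.append(pair)
        elif not (status == 400 and "already exist" in text):
            raise RuntimeError(f"Graph returned {status} for group {pair[0]}")
        handled.add(pair)  # 204, or 400 because the user is already a member
    return added
```

A user who signs in to both applications ends up in both groups, and an already-existing membership is treated as success so the function can be re-run safely.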