One of Azure AD’s powerful concepts is the application. It gives context to an authentication, as we explained in this article.
An application can also be used as an authorization barrier, since we can manage an application’s members. This is optional: by default, everyone in a tenant has access to its applications. But if we opt in to control the members, only members have access to the application, hence only members can authenticate via the application.
In this article, we’ll look at how to manage members of an application in the Portal. We’ll discuss how to automate this in a future article.
First, let’s create an application.
In the Azure Active Directory (Azure AD or AAD) blade, let’s select App Registrations, then Add.
Let’s type the following specifications:
Opt in to Manage members
If we now go into the application and select Managed Application in Local Directory:
We can select the properties tab and there we can require user assignment.
We can then assign users & groups (assigning groups requires the Azure AD Premium SKU).
Azure AD Application Membership, also called User Assignment, is a simple opt-in feature that allows us to control which users can use a given application.
It can be used as a simple (application-wide) authorization mechanism.
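To check the outcome of the portal steps across several applications, the following added example (not from the original article) audits objects shaped like the Microsoft Graph `servicePrincipal` and `appRoleAssignment` resources. `appRoleAssignmentRequired` is the Graph property behind the user assignment switch; every id and name in the sample data is constructed.

```python
# Added example: offline audit of the user assignment setting.
# Input mirrors Microsoft Graph servicePrincipal / appRoleAssignment objects.
# All ids and display names below are constructed sample data.

SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "MembersApp", "appRoleAssignmentRequired": True},
    {"id": "sp-2", "displayName": "OpenApp", "appRoleAssignmentRequired": False},
    {"id": "sp-3", "displayName": "EmptyApp", "appRoleAssignmentRequired": True},
]

ASSIGNMENTS = [
    {"resourceId": "sp-1", "principalType": "User", "principalDisplayName": "Alice"},
    {"resourceId": "sp-1", "principalType": "Group", "principalDisplayName": "Finance"},
    {"resourceId": "sp-2", "principalType": "User", "principalDisplayName": "Bob"},
]


def audit(service_principals, assignments):
    """Return one finding per application describing who can sign in."""
    by_app = {}
    for a in assignments:
        by_app.setdefault(a["resourceId"], []).append(a)

    findings = []
    for sp in service_principals:
        members = by_app.get(sp["id"], [])
        if not sp.get("appRoleAssignmentRequired", False):
            # Default behaviour: every user in the tenant can authenticate,
            # whatever assignments exist.
            status = "open"
        elif not members:
            # Assignment is required but nobody is assigned.
            status = "no-members"
        else:
            status = "restricted"
        groups = sorted(m["principalDisplayName"] for m in members
                        if m["principalType"] == "Group")
        findings.append({
            "app": sp["displayName"],
            "status": status,
            "members": sorted(m["principalDisplayName"] for m in members),
            # Group assignment depends on the Azure AD Premium SKU.
            "needs_premium": bool(groups),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SERVICE_PRINCIPALS, ASSIGNMENTS):
        print(finding)
```

An `open` finding on an application that was meant to be members-only means the opt-in on the Properties tab was never applied, so its assignments are not acting as an authorization barrier.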