Assigning all users to an Azure AD Enterprise app registration

Have you ever tried to create an AzureAD application to give SSO access to an OnPrem application? I had to do it with an SAP application, the process it is straightforward, but what about giving permission to end users?

You can give nominal permission to each user who needs to access to the app or even group, but you must be aware about group limitations:

Group-based assignment is supported only for security groups. Nested group memberships are not supported for group-based assignment to applications at this time.

My Customer had a complex role based user permission model, so it was impossible for them for using AD/AAD groups. The workaround it is not being granular giving user permissions, it is to grant Everyone access to the app registration. To do this, we must select the “User assignment required” option in the “Properties” blade on the enterprise side of the app registration to no, which allows all logged in users to have access to the service.

Doing this, we rely on the permission given to the app to access

Easy solution, problem solved, till next time!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s