Specific authorization for application registration

Amani Sahli 11 reputation points
2024-09-12T10:11:43.3766667+00:00

Dear Community,

When we assign a custom role for a specific App Registration to one user, the user gets permission to all of Microsoft Entra ID (users, groups, ...).

How can we assign a permission only to a specific app registration?

PS: I set the option "Restrict access to Microsoft Entra administration portal" to Yes.

Thank you

(Screenshot attached by the question author)


1 answer

Grégory EL BAJOURY 5 reputation points
    2024-11-29T13:32:39.43+00:00
    1. Use Built-in Roles:
      • Microsoft Entra ID provides built-in roles that can be assigned to app registrations. For example, the Application Administrator role allows managing app registrations without giving access to all users and groups.
      • To assign a built-in role to an app registration:
      1. Go to the Microsoft Entra admin portal (https://entra.microsoft.com/).
      2. Navigate to Identity > Roles and administrators.
      3. Select the role you want to assign (e.g., Application Administrator).
      4. Click on Add assignments and select the app registration to which you want to assign the role.
    2. Use Specific API Permissions:
      • You can also use specific API permissions to restrict permissions to an app registration.
      • To configure API permissions:
      1. Go to the Microsoft Entra admin portal.
      2. Navigate to Azure Active Directory > App registrations.
      3. Select the app registration to which you want to assign permissions.
      4. Go to API permissions and click on Add a permission.
      5. Select Microsoft Graph and choose the necessary permissions (e.g., Application.ReadWrite.All).
      6. Click on Add permissions to save the changes.
    3. Restrict Access to the Microsoft Entra Administration Portal:
      • You mentioned that you set the option "Restrict access to Microsoft Entra administration portal" to "yes." This means only users with specific roles can access the administration portal. Ensure that the relevant users have the necessary roles to access the features they need.

    Example Configuration

    In the image you provided, you assigned the ReadAppReg role with the scope type Application to a specific user. This means that this user will have read permissions for app registrations, but only within the context of the specified application.

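An added example (not from the answer above and not Microsoft's code) of the check an administrator would run after following these steps: it classifies directory role assignments by scope, flags assignments of the custom role that are tenant-wide instead of limited to one app registration, and builds the request body for an app-scoped assignment. It assumes the field names of Microsoft Graph's unifiedRoleAssignment object (principalId, roleDefinitionId, directoryScopeId) and that an application-scoped assignment uses "/" followed by the app registration's object ID; all IDs are constructed placeholders.

```python
# Added example: classify Microsoft Entra directory role assignments by scope.
# Input shape follows Microsoft Graph's unifiedRoleAssignment objects as returned
# by GET /roleManagement/directory/roleAssignments (fields: id, principalId,
# roleDefinitionId, directoryScopeId). All IDs below are constructed placeholders.

TENANT_SCOPE = "/"

# Constructed sample: one assignment of the custom role scoped to a single app
# registration, and one that was (unintentionally) assigned tenant-wide.
SAMPLE_ASSIGNMENTS = [
    {"id": "ra-1", "principalId": "user-aaaa", "roleDefinitionId": "role-readappreg",
     "directoryScopeId": "/app-obj-1111"},
    {"id": "ra-2", "principalId": "user-bbbb", "roleDefinitionId": "role-readappreg",
     "directoryScopeId": "/"},
]


def scope_kind(assignment: dict) -> str:
    """Return 'tenant' for the '/' scope, 'object' for a '/<objectId>' scope."""
    scope = assignment.get("directoryScopeId") or TENANT_SCOPE
    return "tenant" if scope == TENANT_SCOPE else "object"


def find_tenant_wide(assignments: list, role_definition_id: str) -> list:
    """IDs of assignments of the given role that apply to the whole tenant.
    For a role meant to cover one app registration, each of these is a finding."""
    return [a["id"] for a in assignments
            if a["roleDefinitionId"] == role_definition_id and scope_kind(a) == "tenant"]


def app_scoped_assignment(principal_id: str, role_definition_id: str,
                          app_object_id: str) -> dict:
    """Body for POST /roleManagement/directory/roleAssignments limiting the role
    to one app registration. Assumption: the scope is the application's *object*
    ID (not its application/client ID) prefixed with '/', which is what the
    portal's 'Application' scope type in the question maps to."""
    if not app_object_id or app_object_id == TENANT_SCOPE:
        raise ValueError("app_object_id must be a single application object ID")
    return {
        "@odata.type": "#microsoft.graph.unifiedRoleAssignment",
        "principalId": principal_id,
        "roleDefinitionId": role_definition_id,
        "directoryScopeId": f"/{app_object_id.lstrip('/')}",
    }


if __name__ == "__main__":
    print("tenant-wide assignments:", find_tenant_wide(SAMPLE_ASSIGNMENTS, "role-readappreg"))
    print(app_scoped_assignment("user-cccc", "role-readappreg", "app-obj-2222"))
```

Feeding the real GET response's "value" list into find_tenant_wide shows which users received the role for the whole directory rather than for the intended application.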
