问题描述
在 Azure AD 上使用多租户应用程序时,是否可以限制某些租户?
Is there a way of restrict to certain tenants when using multi-tenant applications on Azure AD?
也许我误解了整个事情,但我意识到另一个租户的用户可以在同意后登录我的应用程序,但我找不到将登录限制为我信任的一组租户的方法.
Maybe I misunderstood the whole thing but I realize that a user of another tenant can log in into my application after giving consent and I couldn't find a way to restrict that login to a group of tenants I trust.
推荐答案
我们目前没有映射到多租户应用的租户允许列表的应用配置属性.
We don't currently have an application configuration property that maps to a tenant allow list for a multi-tenant app.
您可以做的是将此功能构建到您的应用程序中 - auth/JWT 令牌包含作为声明的tenantID (tid).您只能授权应用允许列表中的已知租户访问.
What you can do is build this capability into your application - the auth/JWT token contains the tenantID (tid) as a claim. You can authorize access only for known tenants in your app's allow list.
如果您希望能够通过应用程序配置页面(例如在 Azure 管理门户中)配置此功能,请告诉我们?在这里了解您的情况也很棒.
Please let us know if this is a feature that you want to be able to configure through an application configuration page (like in the azure management portal)? Also it would be great to understand your scenario here.
希望这会有所帮助,
这篇关于Azure 活动目录 |多租户应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!