Azure Active Directory | Multi-tenant Application


Question

Is there a way to restrict to certain tenants when using multi-tenant applications on Azure AD?

Maybe I misunderstood the whole thing, but I realize that a user of another tenant can log in to my application after giving consent, and I couldn't find a way to restrict that login to a group of tenants I trust.

Recommended answer

We don't currently have an application configuration property that maps to a tenant allow list for a multi-tenant app.

What you can do is build this capability into your application - the auth/JWT token contains the tenantID (tid) as a claim. You can authorize access only for known tenants in your app's allow list.

Please let us know if this is a feature that you want to be able to configure through an application configuration page (like in the Azure management portal)? Also, it would be great to understand your scenario here.

Hope this helps,
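
The allow-list check described in the answer, as an added example that is not part of the original answer or any Microsoft code. It assumes the token's signature, audience and expiry were already verified by a JWT library and only the resulting claims are passed in; the tenant IDs are constructed placeholders, and `authorize_tenant` and `TenantNotAllowed` are hypothetical names.

```python
import uuid

# Constructed tenant IDs for illustration; replace with the tenants you trust.
ALLOWED_TENANTS = frozenset({
    uuid.UUID("11111111-1111-1111-1111-111111111111"),
    uuid.UUID("22222222-2222-2222-2222-222222222222"),
})

# Issuer formats Azure AD uses for v1.0 and v2.0 tokens.
ISSUER_TEMPLATES = (
    "https://sts.windows.net/{tid}/",
    "https://login.microsoftonline.com/{tid}/v2.0",
)


class TenantNotAllowed(Exception):
    """Raised when a token's tenant is not authorized for this app."""


def authorize_tenant(claims, allowed=ALLOWED_TENANTS):
    """Return the tenant UUID if the validated claims belong to an allowed tenant.

    `claims` must come from a token that a JWT library has already verified
    (signature, audience, expiry); this function only adds the tenant check.
    """
    raw_tid = claims.get("tid")
    if not isinstance(raw_tid, str):
        raise TenantNotAllowed("token has no tid claim")
    try:
        tid = uuid.UUID(raw_tid)  # normalizes case, rejects non-GUID values
    except ValueError:
        raise TenantNotAllowed("tid claim is not a GUID") from None
    if tid not in allowed:
        raise TenantNotAllowed(f"tenant {tid} is not in the allow list")
    # A multi-tenant app cannot pin a single issuer, so require the issuer
    # to be the one that belongs to the tenant named in tid.
    expected = {t.format(tid=tid) for t in ISSUER_TEMPLATES}
    if claims.get("iss") not in expected:
        raise TenantNotAllowed("iss claim does not match tid")
    return tid
```

Call it on every authenticated request, not only at sign-in, so that removing a tenant from the list takes effect for tokens that were issued earlier.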
