question

JyotiTumsare-6484 asked · Santhoshkumar-9447 edited

How to restrict user login to a specific domain (for example: microsoft.com)

Hi,

I want to restrict users so that they must log in only with the .microsoft.com domain name.

He/she should not be able to log in with another domain name.

Is there any API/SDK for the same?

azure-ad-single-sign-on

amanpreetsingh-msft answered

Hello @JyotiTumsare-6484


For this purpose, you need to configure tenant restrictions on your proxy device. Configure the proxy to inject the Restrict-Access-To-Tenants: <permitted tenant list> header into the request, and Azure AD will only issue tokens for the tenants in the permitted tenant list. You can test this solution with the Fiddler tool as well. Please find the document below for more details:


https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions




Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.
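The header injection described in the answer above, as an added example that is not part of the original answer: a Node.js function modelling what the corporate forward proxy does to requests bound for the Azure AD sign-in endpoints, so the exact wire format can be checked. The tenant names and the directory ID are assumed placeholders. Azure AD enforces the restriction only on requests that actually carry the headers, which is why this is a network control: traffic that does not pass through the proxy is unaffected. The proxy must also send Restrict-Access-Context (the directory ID of the tenant that owns the policy), which the tenant restrictions document describes alongside Restrict-Access-To-Tenants.

```javascript
// Added example (not from the thread): header injection a forward proxy performs for
// Azure AD tenant restrictions. Tenant names and directory IDs are constructed placeholders.

// Azure AD sign-in endpoints on which the proxy must inject the headers. The proxy has to
// terminate TLS for these hosts, otherwise it cannot modify the request.
const AZURE_AD_LOGIN_HOSTS = new Set([
  "login.microsoftonline.com",
  "login.microsoft.com",
  "login.windows.net",
]);

// Tenants that users inside the network may sign in to: tenant IDs or verified domain
// names, comma-separated in the header. Placeholder values.
const PERMITTED_TENANTS = [
  "contoso.onmicrosoft.com",
  "11111111-1111-1111-1111-111111111111",
];

// Directory (tenant) ID of the organisation that owns the restriction; blocked attempts
// are recorded in this tenant's sign-in logs. Placeholder value.
const RESTRICTION_CONTEXT_TENANT_ID = "11111111-1111-1111-1111-111111111111";

// True when the request's Host header (optionally with a port) is an Azure AD login host.
function isAzureAdLoginHost(host) {
  const bare = String(host || "").toLowerCase().split(":")[0];
  return AZURE_AD_LOGIN_HOSTS.has(bare);
}

// The two headers tenant restrictions requires, built from the allowlist.
function tenantRestrictionHeaders(
  permitted = PERMITTED_TENANTS,
  context = RESTRICTION_CONTEXT_TENANT_ID,
) {
  return {
    "Restrict-Access-To-Tenants": permitted.join(","),
    "Restrict-Access-Context": context,
  };
}

// Apply the injection to an outbound request ({ method, path, headers }). Requests to any
// other host are returned unchanged. Client-supplied values for these headers are
// overwritten, not merged, so a user behind the proxy cannot widen the allowlist by
// setting the header themselves.
function injectTenantRestrictions(request) {
  if (!isAzureAdLoginHost(request.headers.host)) return request;
  const headers = { ...request.headers, ...tenantRestrictionHeaders() };
  return { ...request, headers };
}

// Constructed sample: an authorize request leaving the corporate network.
const SAMPLE_AUTHORIZE_REQUEST = {
  method: "GET",
  path: "/common/oauth2/v2.0/authorize?client_id=placeholder&response_type=code",
  headers: {
    host: "login.microsoftonline.com",
    // A client trying to smuggle its own, wider allowlist past the proxy.
    "Restrict-Access-To-Tenants": "fabrikam.onmicrosoft.com",
  },
};
```

Fiddler can reproduce the same injection on a single machine for testing, but in production the restriction only holds for devices whose traffic to these hosts is forced through the proxy.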



RohitGavfale-4336 answered · amanpreetsingh-msft commented

Hello @ I have used the NodeJS Quickstart application for single sign-on. [image: nodejs.png]

This redirects me to the Microsoft login.

[image: microsoft-login.png] This allows me to log in with any domain, for example click2cloud.net and many more, but I just want to allow login with the @microsoft.com domain only.

How can I restrict it to the specific domain? Please help us with the same.

I followed the docs below; are they helpful?

[image: specific-domain.png]




@RohitGavfale-4336 That setting restricts adding guest users from the specified target domains. It will not restrict sign-ins to a specific tenant. You would need to configure Tenant Restrictions with the help of the proxy device that connects you to the internet. This is a network-specific setting and is designed to restrict access to a limited set of tenants, or a specific tenant, from within the corporate network.

Read more: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/tenant-restrictions

Santhoshkumar-9447 answered · Santhoshkumar-9447 edited

@amanpreetsingh-msft The Restrict-Access-To-Tenants header is not working as expected. I am using Fiddler to test the behaviour, and it's allowing me to sign in with a user from a domain other than the ones specified in the Restrict-Access-To-Tenants header.

Can you please help on the same?

Santhoshkumar-9447 answered · Santhoshkumar-9447 edited

@amanpreetsingh-msft I am using my organization's Azure AD for multi-tenant Microsoft login and have created a multi-tenant app registration for it. The requirement is to allow users from only a few domains to log in. As I mentioned in the comment above, it's not working as expected.
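An application-side check, added here as an example that is not from any post in this thread. Two things in the thread point at it: the external collaboration setting in the earlier comment governs only guest invitations, and the Restrict-Access-To-Tenants header is an outbound network control that Azure AD enforces only on requests carrying it, so a multi-tenant app registration still receives tokens for any Azure AD tenant that signs in. For a multi-tenant app the Microsoft identity platform guidance is for the app itself to validate the tid and iss claims of the ID token after the auth library (MSAL or passport-azure-ad in the Node.js quickstart) has verified the signature. The "allowed domain" in the question therefore becomes an allowlist of tenant IDs, because the token ties the account to a directory, not to an e-mail domain. The tenant IDs and claim sets below are constructed placeholders, and requireAllowedTenant is a hypothetical Express-style middleware name.

```javascript
// Added example (not from the thread): tenant allowlisting inside a multi-tenant Azure AD
// app. This runs AFTER the auth library has verified the ID token signature; it does not
// replace signature validation. All tenant IDs and claim values are constructed placeholders.

// Tenants whose users may sign in. In the question's terms, the microsoft.com tenant's
// directory ID would go here; the value below is a placeholder.
const ALLOWED_TENANTS = new Set([
  "11111111-1111-1111-1111-111111111111",
]);

// ID tokens from the v2.0 endpoint carry iss = https://login.microsoftonline.com/{tid}/v2.0.
const ISSUER_PREFIX = "https://login.microsoftonline.com/";

// Validate the tenant-related claims of an already signature-verified ID token payload.
// Returns { ok: true, tid } or { ok: false, reason }.
function validateTenant(claims, allowedTenants = ALLOWED_TENANTS) {
  const tid = claims.tid;
  if (typeof tid !== "string" || tid.length === 0) {
    return { ok: false, reason: "missing tid claim" };
  }
  if (!allowedTenants.has(tid)) {
    return { ok: false, reason: `tenant ${tid} is not in the allowlist` };
  }
  // Defence in depth: the issuer must be the v2.0 authority for that same tenant, so a
  // token whose tid and iss disagree is rejected even though tid alone looked acceptable.
  const expectedIss = `${ISSUER_PREFIX}${tid}/v2.0`;
  if (claims.iss !== expectedIss) {
    return { ok: false, reason: `issuer ${claims.iss} does not match ${expectedIss}` };
  }
  return { ok: true, tid };
}

// What NOT to rely on: a suffix check on preferred_username. That claim is documented as
// mutable and not for authorization decisions, and a guest account in a foreign tenant
// keeps its home address there, so the suffix says nothing about which directory issued
// the token. Kept here only to contrast with validateTenant.
function looksLikeMicrosoftUser(claims) {
  return typeof claims.preferred_username === "string" &&
    claims.preferred_username.toLowerCase().endsWith("@microsoft.com");
}

// Hypothetical Express-style middleware: deny the request unless the tenant check passes.
// Assumes the auth library has placed the verified claims on req.user.claims.
function requireAllowedTenant(req, res, next) {
  const claims = req.user && req.user.claims ? req.user.claims : {};
  const result = validateTenant(claims);
  if (!result.ok) {
    res.status(403).send("Sign-in from this tenant is not permitted: " + result.reason);
    return;
  }
  next();
}

// Constructed sample payloads in the shape of v2.0 ID tokens (signature checked upstream).
const SAMPLE_HOME_TENANT_USER = {
  iss: "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0",
  tid: "11111111-1111-1111-1111-111111111111",
  preferred_username: "alice@microsoft.com",
};
const SAMPLE_FOREIGN_TENANT_GUEST = {
  iss: "https://login.microsoftonline.com/22222222-2222-2222-2222-222222222222/v2.0",
  tid: "22222222-2222-2222-2222-222222222222",
  preferred_username: "mallory@microsoft.com", // guest living in another tenant
};
```

If only one tenant should ever be able to sign in, the simpler route is to register the app as single-tenant (sign-in audience "accounts in this organizational directory only"), in which case Azure AD refuses tokens from other tenants before the app sees them; the explicit tid check above is what a multi-tenant registration needs when the allowlist has more than one entry.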
