KomoroskeGina-5094 asked

Identity provider question - can I limit use of it on a per app basis?

This may seem like a no-brainer for some, but I really am not sure because I don't create apps in Azure. But the question is: in our B2C tenant, under the Identity Provider section, if I configure Google as an identity provider, can I limit the use of this Google Identity Provider to certain apps that I register in that B2C tenant? Or if I configure Google as an Identity Provider in my B2C tenant, does that leave "the door open" for all apps registered in that B2C tenant to be able to use Google as an Identity Provider? Or can I limit its use on a per-app basis?

Thanks in advance for any insight!
Gina

azure-ad-b2c

1 Answer

FrankHuMSFT-3200 answered

Hello Gina,

Yes, you can. You do this by utilizing the permissions and scopes blade for the AAD B2C Application Registration blade. More information on this can be found here:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-apps

https://docs.microsoft.com/en-us/azure/active-directory-b2c/add-native-application?tabs=applications

https://docs.microsoft.com/en-us/azure/active-directory-b2c/add-web-application?tabs=applications

If you haven't configured any permissions or scopes in your AAD B2C Application, then you won't be able to access anything that's validating the access token for permissions. For more information on how the permissions/scopes work, see here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent


Thanks for the detailed response. I will admit, it's a bit 'over my head' because I don't ever work with applications. But buried in that response I'm sure is the 'yes' to my question, whether or not you can limit the use of identity providers by application. For example, if we federate with Google, we only want app ABC to use that identity provider.

Thanks again for the info.
Gina
