Protect application with microsoft azure AD

Question

I build an application with Azure directory.

I created an apps here:

https://apps.dev.microsoft.com

The problem is: all people can connect to my application with a microsoft account.

it is possible, because the application is in Active Directory, to prevent anyone to connect on my application except people in my active directory?

I tried many apps like active-directory from magium and other that use active directory with Azure graph API.

should I put a validation after

$entity = $ad->authenticate();

I work with PHP.

Anyone Know I can fixed it ?

Update

Authorization url:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=..&scope=..&response_type=code&approval_prompt=auto&client_id=&redirect_uri=...

Can you share how you're creating sign in URL in your application for authenticating the user? Essentially this is the URL your user will be redirected to for authentication. — Gaurav Mantri, Jul 25 '17 at 14:58

score 1 · Accepted Answer · answered Jul 25 '17 at 15:11

Please replace common in your sign-in URI with the name of your Azure AD (e.g company.onmicrosoft.com). So part of your sign-in URI would be:

https://login.microsoftonline.com/{company.onmicrosoft.com}/oauth2/v2.0/authorize?...rest...

This would ensure that only users from your Azure AD will be able to sign in. You can read more about the endpoints in Azure AD v2 here: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints.

1 Answers1