Azure AD: restrict users from logging in if not assigned to the application, without user assignment


We want to use Azure AD as the authentication mechanism for our project. To do that, in our organization's Azure AD, I have registered an application for our project, added the SPA redirect URI, and added the internal users to the same enterprise application by using Add Users/Groups. Since the frontend app is based on React, we are using @azure/msal-react for authentication, with the org AD tenant ID and the respective client ID in the authConfig.js file and User.Read as the scope. Here I am using loginRedirect to start the login process on load of the application.

As we are using the org Azure AD, there are other applications as well, created by other developers. I want to restrict other internal users from logging in to this application. I was trying to set User Assignment Required to Yes to achieve that, but in that case it asks for "Need Admin Approval", which we don't want. In a big organization, the Global Admin/Application Admin/Cloud Admin will be in different time zones, and the user shouldn't have to wait to get approval from them.

So is there any way I can restrict other internal users from accessing the application and show them an unauthorized page when they try to access it? Only allocated users would be able to log in to the application.

Please suggest. If you need any more info, please let me know. Thanks in advance.

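For the MSAL flow described in the question, this added example (not code from the question or the answer) shows the client-side decision a React app can make after `loginRedirect` returns: Azure AD enforces "User assignment required" on its side and rejects an unassigned user's sign-in with an AADSTS50105 error, so the app only has to map that error (and any account from a foreign tenant) to its unauthorized page. The tenant ID, account names and error payloads are constructed placeholders, and `routeAfterLogin` is a hypothetical helper you would call from the `handleRedirectPromise()` result or error.

```javascript
// Client-side gate for the MSAL redirect flow. Enforcement lives in Azure AD
// ("User assignment required" = Yes); this only decides which page to render.
// All identifiers below are constructed placeholders, not real tenant values.

const ORG_TENANT_ID = "00000000-0000-0000-0000-000000000000"; // assumed org tenant (placeholder)
// Azure AD returns this code when the signed-in user is not assigned to the app.
const UNASSIGNED_USER_CODE = "AADSTS50105";

// Pull the AADSTS error code out of an MSAL error message, if one is present.
function aadstsCode(message) {
  const m = /AADSTS(\d+)/.exec(String(message || ""));
  return m ? `AADSTS${m[1]}` : null;
}

// Map the outcome of instance.handleRedirectPromise() to a page.
//   result: { account: { tenantId, username } }   on success
//   error:  { errorCode, errorMessage }             on failure
function routeAfterLogin({ result, error } = {}) {
  if (error) {
    const code = aadstsCode(error.errorMessage);
    if (code === UNASSIGNED_USER_CODE) {
      return { page: "unauthorized", reason: "user not assigned to the application" };
    }
    return { page: "error", reason: error.errorCode || code || "unknown" };
  }
  const account = result && result.account;
  if (!account) {
    return { page: "login", reason: "no signed-in account" }; // trigger loginRedirect
  }
  // Defense in depth: accept only accounts issued by the organization's tenant,
  // even though the authority in authConfig.js should already pin it.
  if (account.tenantId !== ORG_TENANT_ID) {
    return { page: "unauthorized", reason: "account from a different tenant" };
  }
  return { page: "app", user: account.username };
}

// Constructed samples of what MSAL hands back in each case.
const SAMPLE_SUCCESS = {
  result: { account: { tenantId: ORG_TENANT_ID, username: "alice@contoso.example" } },
};
const SAMPLE_UNASSIGNED = {
  error: {
    errorCode: "access_denied", // constructed; the AADSTS code in the message is what we key on
    errorMessage: "AADSTS50105: The signed in user 'bob@contoso.example' is not assigned to a role for the application.",
  },
};
```

The unauthorized page is only a courtesy to the user: any API the SPA calls must still validate the access token itself, because a client-side check can be bypassed.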

1 answer below


To get rid of the "Need Admin Approval" screen, please follow the steps below:

  • Make sure you have the "Global Admin" role to change user settings in Azure Active Directory.
  • Go to Azure Portal -> Azure Active Directory -> Enterprise Applications -> click User Settings -> Admin Consent Requests. Set "Users can request admin consent to apps they are unable to consent to" to "No".


  • Make sure to grant admin consent for the required API permissions you added to your application.


  • After granting it, it should look like below:


I have tried this in my environment; I was able to log in to the application without waiting for admin approval.

AFAIK, to restrict other internal users from accessing the application and show them an unauthorized page when they try to access it, try making use of Conditional Access policies.

To know how to do that in detail, make use of the references below:

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-block-access#create-a-conditional-access-policy

c# - iOS authentication with Azure AD - Stack Overflow.