Is there a way to only authenticate users for my app that have been applied a specific role? I’m using React, Express, Node, Postgres DB.
We have many members in our Active Directory, but only want to allow users that have been given one of three roles to be able to be authenticated/logged in.
Is this something I achieve by a custom scope somehow, or is there another way to check roles before they are authenticated/logged in?
Here is my basic code for MSAL.
import { PublicClientApplication, EventType } from "@azure/msal-browser";

const config = {
    auth: {
        clientId: 'xxxxxx',
        authority: 'https://login.microsoftonline.com/xxxxxxx',
        redirectUri: '/'
    },
    cache: {
        cacheLocation: "sessionStorage", // This configures where your cache will be stored
        storeAuthStateInCookie: false,   // Set this to "true" if you are having issues on IE11 or Edge
    }
};

const pca = new PublicClientApplication(config);

// After a successful login, make the signed-in account the active one
pca.addEventCallback(event => {
    if (event.eventType === EventType.LOGIN_SUCCESS && event.payload) {
        console.log(event);
        pca.setActiveAccount(event.payload.account);
    }
});
Thanks!
Answer
After you integrate Azure AD into your application, the users in your tenant can sign in to your application with their username@xx.onmicrosoft.com account, right?
Then you must have an Azure AD application registered in the Azure portal. Now you want only specific users to sign in to your application; you can achieve this just by adding some configuration in the Azure AD portal, with no need to check the user roles in your code. Please follow this document.
Go to Azure Active Directory -> Enterprise applications -> choose the app you use in your app -> Properties -> set "Assignment required?" to Yes, then save.
Switch from the Properties blade to the Users and groups blade -> click Add user/group -> select the users you allow to sign in to your app -> click Assign.
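The same two portal steps (turn on "Assignment required?" and assign a user to the enterprise application) can be scripted with the Microsoft Graph PowerShell SDK. This is an added example, not code from the original answer or from Microsoft's documentation; the application (client) ID, the user principal name and the module/scope names used for sign-in are assumptions and must be replaced with your own values.

```powershell
# Added example (not part of the original answer): make the app require
# assignment and assign one user, using the Microsoft Graph PowerShell SDK.
Import-Module Microsoft.Graph.Applications
Import-Module Microsoft.Graph.Users

# Assumed placeholder values: the app registration's Application (client) ID
# and the UPN of a user who should be allowed to sign in.
$appId   = "00000000-0000-0000-0000-000000000000"
$userUpn = "alice@contoso.onmicrosoft.com"

Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All", "User.Read.All"

# Step 1: the "Enterprise application" is the service principal that belongs
# to the app registration; look it up by appId.
$sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"
if (-not $sp) { throw "No service principal found for appId $appId" }

# "Assignment required?" -> Yes. From now on Azure AD refuses to issue tokens
# for this app to any user (or group member) who is not assigned below.
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# Step 2: assign the user. When the app defines no app roles, the portal's
# "Default Access" role is the all-zero GUID.
$user = Get-MgUser -UserId $userUpn
New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id `
    -PrincipalId $user.Id `
    -ResourceId   $sp.Id `
    -AppRoleId    "00000000-0000-0000-0000-000000000000"

# Check: list everyone (users and groups) currently assigned to the app.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId
```

With this in place the MSAL code in the question needs no change: an unassigned user is rejected by Azure AD during the sign-in redirect (the error reports that the user is not assigned to a role for the application), so `LOGIN_SUCCESS` only ever fires for assigned accounts. If you later define app roles on the registration instead of relying on Default Access, pass that role's ID as `-AppRoleId`, and the role name then also appears in the `roles` claim of the ID token.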