How to configure app service identity provider?

Ernesto 61 Reputation points
2024-04-16T13:24:05.6633333+00:00

What is the difference among alternatives in the section

Client application requirement

  • Allow requests only from this application itself
  • Allow requests from specific client applications
  • Allow requests from any application (Not recommended)

and Identity requirement

  • Allow requests from any identity
  • Allow requests from specific identities
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,906 questions
0 comments No comments
{count} votes

Accepted answer
  1. Ryan Hill 28,631 Reputation points Microsoft Employee
    2024-04-16T16:04:42.57+00:00

    Hi @Ernesto

    When you are configuring an app service identity provider, you're essentially creating the app registration that will be used in your directory tenant. From that aspect:

    1. Allow requests only from this application itself: This option restricts requests to only the application itself. It is useful when you want to limit access to the app service to only the application itself.
    2. Allow requests from specific client applications: This option allows requests from specific client applications. You can specify the client applications by their client IDs. This option is useful when you want to limit access to the app service to specific client applications.
    3. Allow requests from any application (Not recommended): This option allows requests from any application. However, it is not recommended as it can pose a security risk.
    4. Allow requests from any identity: This option allows requests from any identity. It is useful when you want to allow access to the app service to any identity.
    5. Allow requests from specific identities: This option allows requests from specific identities. You can specify the identities by their object IDs. This option is useful when you want to limit access to the app service to specific identities.

    The table under Configure Microsoft Entra authentication - Use built-in authorization policy - Azure App Service | Microsoft Learn further elaborates on these configurations, where allowedApplications refers to Client application requirement and allowedPrincipals refers to Identity requirement.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.