This article shows you how to assign users or groups to enterprise applications in Azure Active Directory (Azure AD), either from within the Azure portal or by using PowerShell. When you assign a user to an application, the application appears in the user's [My Apps access panel](https://myapps.microsoft.com/) for easy access. If the application exposes roles, you can also assign a specific role to the user.
20
20
21
-
For greater control, certain types of enterprise applications can be configured to *require* user assignment. This option blocks everyone from signing in, except those users you explicitly assign to the application. When user assignment is *not required*, unassigned users won't see the app on their My Apps access panel, but they can still sign in to the application with a direct app URL (known as service provider-initiated sign-on) or the **User Access URL** in the application’s **Properties** page (known as identity provider-initiated sign on). For background, see [Managing access to apps](what-is-access-management.md).
21
+
For greater control, certain types of enterprise applications can be configured to *require* user assignment. This option blocks everyone from signing in, except those users you explicitly assign to the application. When user assignment is *not required*, unassigned users won't see the app on their My Apps access panel, but they can still sign in to the application by going directly to the application sign-in page or using the user access URL in the application's property page. For background, see [Managing access to apps](what-is-access-management.md).
22
22
23
23
To assign a user or group to an enterprise app, you'll need to sign in as a global administrator, application administrator, cloud application administrator, or the assigned owner of the enterprise app.
24
24
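Review bot: The added paragraph at line 21 loses the UI labels that the removed text had. "the user access URL in the application's property page" no longer matches the bolded **User Access URL** and **Properties** names, so a reader cannot find the field by its label. Keep the bold labels. This is also the sentence that tells administrators unassigned users can still sign in when assignment is not required, so consider keeping the service provider-initiated and identity provider-initiated terms in parentheses so the two sign-in paths stay distinguishable.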
@@ -48,7 +48,7 @@ To require user assignment for an application:
48
48
5. Make sure the **User assignment required?** toggle is set to **Yes**.
49
49
50
50
> [!NOTE]
51
-
> If the **User assignment required?** toggle isn't available, you can use PowerShell to set this option on the service principal.
51
+
> If the **User assignment required?** toggle isn't available, you can use PowerShell to set the appRoleAssignmentRequired property on the service principal.
52
52
53
53
6. Select the **Save** button at the top of the screen.
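Review bot: In the rewritten note at line 51, appRoleAssignmentRequired is a property name and should be in code formatting, and the note still gives neither a command nor a link for setting it. Suggest writing it as `appRoleAssignmentRequired`, linking to the PowerShell steps, and stating which value corresponds to **User assignment required?** set to **Yes**, so the reader can verify the setting took effect on the service principal.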
articles/active-directory/manage-apps/what-is-access-management.md (4 additions & 2 deletions)
@@ -47,7 +47,7 @@ With certain types of applications, you have the option of [requiring users to b
47
47
48
48
When user assignment is *not required*, unassigned users don't see the app on their My Apps access panel, but they can still sign in to the application itself (known as service provider-initiated sign-on) or they can use the **User Access URL** in the application’s **Properties** page (known as identity provider-initiated sign on).
49
49
50
-
For some applications, the option to require user assignment isn't available in the application properties. In these cases, you can use PowerShell to configure the setting.
50
+
For some applications, the option to require user assignment isn't available in the application properties. In these cases, you can use PowerShell to set the appRoleAssignmentRequired property on the service principal.
51
51
52
52
### Determining the user experience for accessing apps
53
53
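Review bot: The unchanged paragraph at line 48, directly above the edited sentence, still uses the "service provider-initiated sign-on" and "identity provider-initiated sign on" wording that this commit removes from the matching paragraph in the other file, so the two articles now describe the same behavior differently. Apply the same wording in both places. The new sentence at line 50 also duplicates the note added in the other file nearly word for word, so a link to the assignment steps would serve better here than a second copy of the property name.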
@@ -83,9 +83,11 @@ Microsoft Applications (like Office 365 Exchange, SharePoint, Yammer, etc.) are
83
83
There are three main ways that a user can get access to a Microsoft-published application.
84
84
85
85
- For applications in the Office 365 or other paid suites, users are granted access through **license assignment** either directly to their user account, or through a group using our group-based license assignment capability.
86
-
- For applications that Microsoft or a Third Party publishes freely for anyone to use, users may be granted access through [user consent](configure-user-consent.md). This means that they sign in to the application with their Azure AD Work or School account and allow it to have access to some limited set of data on their account.
86
+
- For applications that Microsoft or a 3rd party publishes freely for anyone to use, users may be granted access through [user consent](configure-user-consent.md). This means that they sign in to the application with their Azure AD Work or School account and allow it to have access to some limited set of data on their account.
87
87
- For applications that Microsoft or a 3rd party publishes freely for anyone to use, users may also be granted access through [administrator consent](manage-consent-requests.md). This means that an administrator has determined the application may be used by everyone in the organization, so they sign in to the application with a Global Administrator account and grant access to everyone in the organization.
88
88
89
+
Some applications combine these methods. For example, certain Microsoft applications are part of an Office 365 subscription, but still require consent.
90
+
89
91
Users can access Office 365 applications through their Office 365 portals. You can also show or hide Office 365 applications in the My Apps access panel with the [Office 365 visibility toggle](hide-application-from-user-portal.md) in your directory's **User settings**.
90
92
91
93
As with enterprise apps, you can [assign users](assign-user-or-group-access-portal.md) to certain Microsoft applications via the Azure portal or, if the portal option isn't available, by using PowerShell.
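Review bot: The sentence added at line 89 does not say which kind of consent is meant or name any application, right after a list that distinguishes user consent from administrator consent. State whether these subscription apps need user consent, administrator consent, or either, and link to the corresponding article as the bullets above do. Minor style point on line 86: "3rd party" now matches the following bullet, but spelling it out as "third party" in both bullets would read better.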